[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Rational for debian group accounts

Jean Pierre LeJacq <jplejacq@quoininc.com> writes:

> Garfinkel and Spafford in their book "Practical UNIX & Internet
> Security" consider the Debian scheme of assigning a unique group to
> each individual user to be a bad idea from a security perspective.

What specifically is the problem?

> Does anyone have a rational for this design of groups?

The rationale is:

In order for several people to work in a group-writable area, the
directories should be chmod g+w,g+s, and the users should be using
umask 002.  Users are going to forget to switch umasks so we'd like
the default umask to be 002.  For that to be possible, each user needs
his own group.


TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: