Re: Rational for debian group accounts

To: debian-devel@lists.debian.org
Subject: Re: Rational for debian group accounts
From: Guy Maor <maor@ece.utexas.edu>
Date: 17 Sep 1997 08:43:47 -0500
Message-id: <[🔎] 87en6o9ht8.fsf@slip-97-9.ots.utexas.edu>
In-reply-to: Jean Pierre LeJacq's message of Wed, 17 Sep 1997 08:11:32 -0400 (EDT)
References: <[🔎] Pine.LNX.3.96.970917080326.13590E-100000@smoke.quoininc.com>

Jean Pierre LeJacq <jplejacq@quoininc.com> writes:

> Garfinkel and Spafford in their book "Practical UNIX & Internet
> Security" consider the Debian scheme of assigning a unique group to
> each individual user to be a bad idea from a security perspective.

What specifically is the problem?

> Does anyone have a rational for this design of groups?

The rationale is:

In order for several people to work in a group-writable area, the
directories should be chmod g+w,g+s, and the users should be using
umask 002.  Users are going to forget to switch umasks so we'd like
the default umask to be 002.  For that to be possible, each user needs
his own group.

Guy

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: Rational for debian group accounts
  - From: Jean Pierre LeJacq <jplejacq@quoininc.com>

References:
- Rational for debian group accounts
  - From: Jean Pierre LeJacq <jplejacq@quoininc.com>

Prev by Date: Re: Once again: libc6 packages compatibility etc...
Next by Date: Re: hamm libc5 compalible? (was Upgrading compface stops xemacs working)
Previous by thread: Rational for debian group accounts
Next by thread: Re: Rational for debian group accounts
Index(es):
- Date
- Thread