Re: Rational for debian group accounts
On 17 Sep 1997, Guy Maor wrote:
> Jean Pierre LeJacq <jplejacq@quoininc.com> writes:
>
> > Garfinkel and Spafford in their book "Practical UNIX & Internet
> > Security" consider the Debian scheme of assigning a unique group to
> > each individual user to be a bad idea from a security perspective.
>
> What specifically is the problem?
They claim it requires constant intervention by the system
administrator to add/remove users from the many groups this approach
introduces.
> > Does anyone have a rational for this design of groups?
>
> The rationale is:
>
> In order for several people to work in a group-writable area, the
> directories should be chmod g+w,g+s, and the users should be using
> umask 002. Users are going to forget to switch umasks so we'd like
> the default umask to be 002. For that to be possible, each user needs
> his own group.
Why is the last point true?
--
Jean Pierre
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: