
Re: Rationale for Debian group accounts



On 17 Sep 1997, Guy Maor wrote:

> Jean Pierre LeJacq <jplejacq@quoininc.com> writes:
> 
> > Garfinkel and Spafford in their book "Practical UNIX & Internet
> > Security" consider the Debian scheme of assigning a unique group to
> > each individual user to be a bad idea from a security perspective.
> 
> What specifically is the problem?

They claim it requires constant intervention by the system
administrator to add/remove users from the many groups this approach
introduces.

> > Does anyone have a rationale for this design of groups?
> 
> The rationale is:
> 
> In order for several people to work in a group-writable area, the
> directories should be chmod g+w,g+s, and the users should be using
> umask 002.  Users are going to forget to switch umasks so we'd like
> the default umask to be 002.  For that to be possible, each user needs
> his own group.

Why is the last point true?

-- 
Jean Pierre
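
The setup described in the quoted rationale (a directory that is chmod g+w,g+s, used with umask 002), as an added shell example that is not part of the original message. It assumes GNU stat as shipped on Debian, works only in throwaway directories made by mktemp, and its function names are hypothetical.

```shell
#!/bin/sh
# Added illustration: what umask 002 and a g+s directory do to new files.
# All paths are temporary and constructed for this demo.

# Print "<octal mode> <numeric gid>" for a path (GNU stat).
mode_gid() {
    stat -c '%a %g' "$1"
}

# Create an empty file at $2 under umask $1 and print its mode and gid.
# The subshell keeps the umask change from leaking into the caller.
create_with_umask() {
    ( umask "$1" && : > "$2" && mode_gid "$2" )
}

# Build the shared area from the mail: chmod g+w,g+s on the directory,
# so files created inside inherit the directory's group.
make_shared_dir() {
    mkdir -p "$1" && chmod g+w,g+s "$1"
}

demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/home"                 # stands in for a user's own directory
    make_shared_dir "$base/project"    # stands in for the group work area

    echo "primary gid of this user: $(id -g)"
    echo "gid of project directory: $(stat -c '%g' "$base/project")"

    # umask 022: new files are 644, so group members cannot write them,
    # which is what breaks collaboration in the shared area.
    echo "home,    umask 022: $(create_with_umask 022 "$base/home/a")"
    echo "project, umask 022: $(create_with_umask 022 "$base/project/a")"

    # umask 002: new files are 664 everywhere. In the project directory
    # the group comes from the directory (g+s). In the home directory it
    # is the creator's primary group, so whoever belongs to that group
    # gets write access to the file.
    echo "home,    umask 002: $(create_with_umask 002 "$base/home/b")"
    echo "project, umask 002: $(create_with_umask 002 "$base/project/b")"

    rm -rf "$base"
}

demo
```

The "home, umask 002" line is the one to read against the rationale: the file is group-writable, and the gid printed next to it decides who that group is.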


