[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#64605: Gets confused if repacking in user home directory

Ruud de Rooij wrote:
> As far as I have used Debian (from 1.2 onwards), home directories have 
> always been setgid by default.

Ok, my current system inherited /home from slackware days 5 years ago,
so who knows..

> The following appears in /etc/adduser.conf:
> # The USERGROUPS variable can be either "yes" or "no".  If "yes" each
> # created user will be given their own group to use as a default, and
> # their home directories will be g+s.  If "no", each created user will
> # be placed in the group whose gid is USERS_GID (see below).

Right, user groups are a good thing. However, I fail to see why making
home sgid is necessary for user groups to work at all, or is even
related to user groups.

The user group system allows you to set your umask to 002, thus making
group writable files by default without having to worry about anyone
else being in your user group and being able to write to group writable
files files in eg, your home directory. This makes it easy to make other
groups, which multiple users *are* in, and have those groups share sgid
directories that are common workspaces for all group memebers, all without
having to mess with your umask or anything. This is (arguably) good.

But your user group is the default group files you create are owned by,
if you are not in one of the abovementioned sgid directories. So why
make your home directory sgid? I see no benefits at all. I can remove
the sgid bit, and everything continues to function exactly as it did
before, except you can untar a tarball into a subdirectory of your home
directory, without fear than tarring it back up will make all directories
in the new tarball sgid.

So what do sgid home directories buy us?

(It's worth noting that home directories on master, va.debian.org, and
even the new auric.debian.org are all not sgid.)

see shy jo

Reply to: