On Wed, May 24, 2000 at 04:30:49PM -0500, Nathan E Norman wrote: > > So what do sgid home directories buy us? > > As far as I can tell, they ease the above setup (shared sgid > directories) for the newbie. Observe: [snip] > > Other than changing group ownership on directory "test". I didn't have > to change any attribute of that directory. Granted, "chmod 2775 test" > or "chmod g+s test" would work fine, but most new users seem to have > severe problems with suid/sgid bits, and since they fear them they > don't use them. what kernel are you using? i think your using 2.2.12 which had a bug, observer 2.2.15: [eb@socrates test]$ ls -ld foo/ drwxr-sr-x 2 eb eb 4096 May 24 20:59 foo/ [eb@socrates test]$ cd foo/ [eb@socrates foo]$ mkdir bar [eb@socrates foo]$ ls -l total 4 drwxr-s--- 2 eb eb 4096 May 24 20:59 bar [eb@socrates foo]$ chgrp users bar/ [eb@socrates foo]$ ls -l total 4 drwxr-x--- 2 eb users 4096 May 24 20:59 bar [eb@socrates foo]$ uname -a Linux socrates 2.2.15 #1 Wed May 17 05:17:05 AKDT 2000 ppc unknown [eb@socrates foo]$ changing the owner or group is supposed to remove s[ug]id bits, 2.2.12 had a bug where this did not occur, it was fixed in 2.2.13. > A weak argument to be sure, but it's the only benefit I can see :) it turns out to not be a benifit at all. fwiw i setup a /usr/local/sbin/adduser.local to remove the sgid bit and set the home directory to mode 0710 group users. and my global umask is 027. IMO users should have to make the decision themselves to make all thier files world readable. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpBWThnPcvkQ.pgp
Description: PGP signature