
Re: Bug#80343: general: Lack of policy on which files should be owned by which user



On Tue, Dec 26, 2000 at 12:38:28PM +0200, Eray Ozkural (exa) wrote:
> I always thought it was a paranoid kind of security "feature"
> in Debian. I might be wrong of course.
> 
> How does giving every user his own group make it easier for
> him to share files without system administrator's intervention?
> I couldn't quite get it, sorry I just woke up but I simply
> don't understand it. A small example?

Sure. Let's say you have a pair of users, Jose and HoseB,
each with home directories in /home, with a single-user group each.
They have some confidential files which they keep in their home
directories and want to hide from each other.

They also work on a project together, in /project. They have another
group, which they both belong to, and all the files in /project
use that GID. There are other users on the system who are not
working on the project and who should not be able to look at
/project.

Jose and HoseB can set their umask to allow group read/write by
default. When they write to their home directories, the files
belong to their individual user groups, so nobody else can read
them. When they write in /project, the files belong to the project
group, so they can both read them. And nobody except Jose and HoseB
can read the files in /project either, because they're not world
read/writable.

Now, imagine if Jose and HoseB shared a 'users' group, which
their home directories used, as well as the project group. When
they write to their home directories, their files end up
group read/writeable to all users! 

Or if they set their umask to allow user read/write only, then 
they end up with files in /project which the other person 
can't read. They have to remember to fix file permissions all the time. 

This is a big nuisance. I spent months working on a project with
a shared directory without individual user groups. Worse yet, you
can end up with a CVS repository full of files with user-only
permissions (using a local CVS repository, rather than remote).

Of course this is not an issue if (a) you never need to share
files with a subset of users (use world read/write), or (b) you never 
need to share files at all (user read/write only).


> It populates the groups? I want only meaningful groups there.

Per-user groups are very meaningful, and are a good demonstration
of why Debian is a superior OS to many others.


Regards,
Hamish
-- 
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>
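
The scenarios in the message above, modelled as an added example that is not part of the original post. The third user carol, the group names jose, hoseb and project, the umask values 007 and 077 (the message gives no numbers) and both helper functions are assumptions made for illustration; the file's group is passed in directly, so how files in /project come to carry the project GID is outside this model.

```shell
#!/bin/sh
# Added example. Users jose/hoseb/carol, group names and umask values are
# constructed for illustration; only the scenario itself is from the message.

# Create a file under the given umask and print the octal mode it receives.
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/f" )
    mode=$(stat -c '%a' "$dir/f" 2>/dev/null || stat -f '%Lp' "$dir/f")
    rm -rf "$dir"
    printf '%s\n' "$mode"
}

# can_read READER OWNER FILE_GROUP MODE "READER'S GROUPS" -> prints yes or no.
# Unix checks exactly one class: owner, else group member, else other.
can_read() {
    m=$((0$4))                       # leading 0: treat the mode as octal
    if [ "$1" = "$2" ]; then
        bit=$((m & 0400))
    else
        bit=$((m & 04))
        for g in $5; do
            if [ "$g" = "$3" ]; then bit=$((m & 040)); fi
        done
    fi
    if [ "$bit" -ne 0 ]; then echo yes; else echo no; fi
}

shared=$(mode_under_umask 007)   # group read/write, nothing for others
private=$(mode_under_umask 077)  # user read/write only

echo "umask 007 -> $shared, umask 077 -> $private"
echo "Per-user groups, umask 007:"
echo "  HoseB reads Jose's home file:  $(can_read hoseb jose jose "$shared" 'hoseb project')"
echo "  HoseB reads /project file:     $(can_read hoseb jose project "$shared" 'hoseb project')"
echo "  carol reads /project file:     $(can_read carol jose project "$shared" 'carol')"
echo "Shared 'users' group, umask 007:"
echo "  HoseB reads Jose's home file:  $(can_read hoseb jose users "$shared" 'users project')"
echo "Shared 'users' group, umask 077:"
echo "  HoseB reads /project file:     $(can_read hoseb jose project "$private" 'users project')"
```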


