
Re: UPG and the default umask


On Mon, 10 May 2010 at 20:35, Aaron Toponce wrote:
> > Take the case where the user wants another person in his own group to
> > share files. Then he might set the files readable for his group only but
> > not for world. So the other user can read this data. But he cannot write
> > it, as might be intended.
> > 
> > Setting the umask to 002 lets the other user _edit_ all files the user
> > created in the past with that umask, in fact giving away most of his
> > files.
> The point of UPG is to not put users you don't trust in your private
> group. That's why it's called "private". :)

You can never trust anybody enough to give him rights to _all_ of your
files. So this assumption is never true, and a user will not have any
benefit from this group if the umask is 002!

> If you don't trust users in your UPG, then the administrator should
> set up a different group, and put the necessary users in that group.

Give me one case where this is true. If there is a group for sharing
purposes, the users will use it -- and will lower their security down to
nothing. Setting a default umask of 002 is highly negligent!

> I'm all for increasing security, but it always comes at a cost.

That's true. But setting the umask to 002 will lower it for no benefit.

> In this case, the convenience of setting up group collaboration
> directories becomes a pain to administer, as the group write bit is
> never set, and cron jobs, profile-specific umask values, or FACLs are
> used instead, adding to the complexity of the system.

Well, in all cases I know about where collaboration was set up, the
person who did it knew exactly what he was doing. And that is the way it
should be. Don't let users do something if they do not know what
consequences it will have -- especially in security!

The crazy idea of setting the umask to 002 by default will end in many,
many systems where the users have security as low as nothing for their
important files, only to serve a few use cases where the people involved
normally know how to get rid of it anyway.

-- 
Klaus Ethgen                            http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
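
The disagreement in this message turns on two checkable facts: which mode new files get under each umask, and whether a file's group really contains only its owner. The following Python sketch is an added example, not part of the original message; the function names `new_file_mode`, `other_members` and `shared_writable` are chosen for this illustration.

```python
import grp
import os
import pwd
import stat
import tempfile


def new_file_mode(mask):
    """Permission bits of a file created with mode 0o666 under `mask`."""
    old = os.umask(mask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "f")
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)  # always restore the caller's umask


def other_members(gid, owner_uid):
    """Names of users other than the owner who belong to group `gid`."""
    try:
        names = set(grp.getgrgid(gid).gr_mem)  # supplementary members
    except KeyError:                           # gid not in the group database
        names = set()
    for p in pwd.getpwall():  # can be incomplete if a directory hides users
        if p.pw_uid == owner_uid:
            names.discard(p.pw_name)
        elif p.pw_gid == gid:                  # users with gid as primary group
            names.add(p.pw_name)
    return names


def shared_writable(root, members=other_members):
    """Yield (path, others) for group-writable entries whose group is shared."""
    for dirpath, dirnames, filenames in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in dirnames + filenames):
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode) or not st.st_mode & stat.S_IWGRP:
                continue  # symlink modes are not enforced; skip non-g+w
            others = members(st.st_gid, st.st_uid)
            if others:    # group is not private: these users can modify path
                yield path, sorted(others)


if __name__ == "__main__":
    for mask in (0o022, 0o002):
        print(f"umask {mask:03o} -> new file mode {new_file_mode(mask):03o}")
    for path, others in shared_writable(os.path.expanduser("~")):
        print(path, "is writable by", ", ".join(others))
```

An empty result from `shared_writable` means every group-writable entry under the tree belongs to a group with no member other than its owner.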