Re: UPG and the default umask

On 05/11/2010 07:09 PM, Russ Allbery wrote:
> Aaron already explained this, but I was confused for quite some time about
> the point of UPG and I'm not sure I would have gotten it from his
> explanation, so let me say basically the same thing he said in different
> words.
>
> The purpose of UPG is not to use the user private group for any sort of
> access control.  Rather, the point is to put each user in a group where
> they're the only member so that they can safely use a default umask of 002
> without giving someone else write access to all their files.  Then, the
> right thing will happen when that user edits files in a shared space owned
> by some *other* group.  Without UPG, you can't safely set a umask of 002,
> but when UPG is in place, you should be able to without broadening the
> access granted to the user's own files by default.  It then makes project
> directories with a sticky GID bit *much* more useful.
>
> UPG without a umask of 002 is pointless.  One may as well just put all
> users in a users group.

Well said.
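
An added example, not part of the original message: a check of the precondition described in the quoted text, that each user's primary group has no other members, before a default umask of 002 is set. The passwd and group data are constructed samples, and the function name is hypothetical.

```python
# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
SAMPLE_PASSWD = """\
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:100:Carol:/home/carol:/bin/bash
dave:x:1003:100:Dave:/home/dave:/bin/bash
"""
SAMPLE_GROUP = """\
alice:x:1000:
bob:x:1001:alice
users:x:100:
project:x:2000:alice,bob,carol
"""

def shared_primary_groups(passwd_text, group_text):
    """Return {user: sorted other users who are in that user's primary group}.

    A user appears in the result when their primary group is not private,
    i.e. a umask of 002 would give the listed users write access to the
    files that user creates by default.
    """
    primary = {}  # user -> primary gid (field 4 of passwd)
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        primary[fields[0]] = int(fields[3])
    members = {}  # gid -> users holding it as primary or supplementary group
    for user, gid in primary.items():
        members.setdefault(gid, set()).add(user)
    for line in group_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        gid = int(fields[2])
        for name in filter(None, fields[3].split(",")):
            members.setdefault(gid, set()).add(name.strip())
    report = {}
    for user, gid in primary.items():
        others = sorted(members[gid] - {user})
        if others:
            report[user] = others
    return report

if __name__ == "__main__":
    for user, others in shared_primary_groups(SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(f"{user}: umask 002 would expose new files to {', '.join(others)}")
```

Membership of the shared `project` group does not flag anyone, since only each user's primary group decides who gains write access to files they create by default.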

