Re: UPG and the default umask
The Fungi <firstname.lastname@example.org> writes:
> On Sat, May 15, 2010 at 02:34:57PM -0700, Russ Allbery wrote:
>> That's a good idea. I'm not sure if all UNIX group systems allow one to
>> ask how many users are a member of a particular group, but if there's a
>> way to ask that question at least in those group systems that support
>> it, the implementation should be fairly straightforward.
> This is racy, unfortunately (at least by itself). Consider a non-UPG
> system which starts with one user... this check passes and files get
> created with group write flagged. Later, subsequent users appear sharing
> that same group and the default umask stops making new files
> group-writeable, but the first user's original files are now able to be
> modified by others (and then his account is immediately at risk of being
> taken over by one of the new users without his knowledge).
> Of course, coupled with other checks like uname==gname, parsing
> login.defs, et cetera, it could add an extra layer of assurance.
Right, exactly. You also check that username == group name, but it's an
additional check to be sure that the group doesn't just happen to look
like a user private group but isn't.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>
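As an added example, not code from this thread or from Debian's own /etc/profile logic: a Python sketch of the check the two messages describe (the primary group must be named after the user, and no other account may be listed in it or use it as primary group), run over constructed passwd/group contents. The second data set shows the state after another account joins the group, the situation The Fungi calls racy: the check now fails, but any files already created group-writable under the earlier result stay that way.

```python
"""Pick a default umask from user-private-group (UPG) checks.

Example code written for this page; the passwd/group contents at the
bottom are constructed, not taken from a real system.
"""

def parse_passwd(text):
    # name -> (uid, gid) from /etc/passwd-style lines
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, *_rest = line.split(":")
        users[name] = (int(uid), int(gid))
    return users

def parse_group(text):
    # name -> (gid, set of supplementary members) from /etc/group-style lines
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def has_private_group(user, users, groups):
    """True only when `user` is provably the sole member of its primary group."""
    if user not in users:
        return False
    _uid, gid = users[user]
    # The primary group must carry the user's own name (uname == gname).
    gname = next((g for g, (g_id, _) in groups.items() if g_id == gid), None)
    if gname != user:
        return False
    # Nobody else may be listed as a supplementary member of the group ...
    if groups[gname][1] - {user}:
        return False
    # ... and no other account may use it as primary group.
    return all(g != gid or u == user for u, (_, g) in users.items())

def default_umask(user, passwd_text, group_text):
    """0o002 for a verified private group, the conservative 0o022 otherwise."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    return 0o002 if has_private_group(user, users, groups) else 0o022

# Constructed data: first a lone user, then a second account sharing the group.
PASSWD_ONE = "root:x:0:0:root:/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\n"
GROUP = "root:x:0:\nalice:x:1000:\n"
PASSWD_TWO = PASSWD_ONE + "bob:x:1001:1000::/home/bob:/bin/sh\n"
GROUP_SUPP = "root:x:0:\nalice:x:1000:bob\n"
```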