[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UPG and the default umask

On 05/17/2010 10:02 AM, Harald Braumann wrote:
> - you could have a UPG system but a mismatch of IDs -> wrong umask

ID numbers, yes. ID names, no. If the user name maches the group name,
IE: aaron = aaron, then the user matches the private group. If the match
is not made, then umask 0022 should be in play.

> - you could have a non-UPG system but a user's name and ID happen to
>   match those of the group -> wrong umask

If the username matches the group name, then you have a UPG system.
Unless you created a user called "devel" and put him in the "devel"
group. Debian is not substitute for stupidity.

> - you could add more layers and check, e.g., if the user is the only
>   member in the group. but more users could be added later making the
>   first user's files writeable by those.
> No matter how much clever logic you put in there, there is simply no
> way to make this work reliably because it's based on wrong assumption.

There is no complex, additional layers to check. You only need to match
the user and group names. If they match, it's UPG. If they don't, it
isn't. Give me a realistic case where this would be problematic.

. O .   O . O   . . O   O . .   . O .
. . O   . O O   O . O   . O O   . . O
O O O   . O .   . O O   O O .   O O O

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: