[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The story behind UPG and umask.

]] "C. Gatzemeier" 

| So yes, you can setup UPGs with UID!=GID, but then you'll also
| have to set the umask manually to make it work (globally or in gecos or
| ldap etc.).
| 
| The UID==GID and username==groupname restriction of the
| pam_umask's "usergroups" option ensures that the umask is only relaxed
| automatically in very specific defined cases.
| 
| That's why I'am thinking the UID==GID restriction pam_umask makes (and
| login made before) can be sane choice. (Others seem to use it also,
| and it is upstream.)

The problem is when you then run addgroup foo, every user created after
that will not be considered to be a UPG user.  Perhaps addgroup
shouldn't use the same gid range as what we are using for users, to make
this problem at least smaller, if not make it go away.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Reply to: