Re: The story behind UPG and umask.
]] "C. Gatzemeier"
| So yes, you can setup UPGs with UID!=GID, but then you'll also
| have to set the umask manually to make it work (globally or in gecos or
| ldap etc.).
|
| The UID==GID and username==groupname restriction of the
| pam_umask's "usergroups" option ensures that the umask is only relaxed
| automatically in very specific defined cases.
|
| That's why I'am thinking the UID==GID restriction pam_umask makes (and
| login made before) can be sane choice. (Others seem to use it also,
| and it is upstream.)
The problem is when you then run addgroup foo, every user created after
that will not be considered to be a UPG user. Perhaps addgroup
shouldn't use the same gid range as what we are using for users, to make
this problem at least smaller, if not make it go away.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Reply to: