Re: UPG and the default umask

[Russ Allbery <rra@debian.org>]

Willi Mann <foss-ml@wm1.at> writes:
> Russ Allbery wrote:

>> The purpose of UPG is not to use the user private group for any sort of
>> access control.  Rather, the point is to put each user in a group where
>> they're the only member so that they can safely use a default umask of
>> 002 without giving someone else write access to all their files.

> Is it possible to detect whether an account is configured properly based
> on the UPG idea? If yes, wouldn't it then make sense to only set umask
> 002 if a proper UPG account is detected, otherwise 022? This would avoid
> putting non-UPG systems on danger.

That's a good idea.  I'm not sure if all UNIX group systems allow one to
ask how many users are a member of a particular group, but if there's a
way to ask that question at least in those group systems that support it,
the implementation should be fairly straightforward.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>