On Sat, May 15, 2010 at 02:34:57PM -0700, Russ Allbery wrote:
> Willi Mann <foss-ml@wm1.at> writes:
> > Russ Allbery wrote:
>
> >> The purpose of UPG is not to use the user private group for any sort of
> >> access control. Rather, the point is to put each user in a group where
> >> they're the only member so that they can safely use a default umask of
> >> 002 without giving someone else write access to all their files.
>
> > Is it possible to detect whether an account is configured properly based
> > on the UPG idea? If yes, wouldn't it then make sense to only set umask
> > 002 if a proper UPG account is detected, otherwise 022? This would avoid
> > putting non-UPG systems in danger.
>
> That's a good idea. I'm not sure if all UNIX group systems allow one to
> ask how many users are a member of a particular group, but if there's a
> way to ask that question at least in those group systems that support it,
> the implementation should be fairly straightforward.

The standard getgrnam/getgrgid (or the _r variants) are completely portable
and give you the list of users who are group members (so a simple check
through the user list is quick and easy).

From the shell "getent group $group" should return an empty user list.

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
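The check discussed in this message, written as POSIX sh functions; this is an added example and not code from the thread. The function names, the constructed sample accounts, and the extra scan for other accounts that share the same primary gid (such accounts are not listed in the group's member field) are assumptions of this example.

```shell
#!/bin/sh
# Added example: choose a umask from group(5)/passwd(5) data.
# is_upg USER GID GROUP_LINE [PASSWD_LINES]   (hypothetical helper name)
#   GROUP_LINE   one line as printed by: getent group GID
#   PASSWD_LINES optional output of:     getent passwd
is_upg() {
    upg_user=$1 upg_gid=$2 upg_passwd=${4-}
    # Split name:passwd:gid:members without word splitting or globbing.
    IFS=: read -r g_name g_pw g_gid g_members <<EOF
$3
EOF
    # The line must describe the user's primary group.
    [ -n "$g_gid" ] && [ "$g_gid" = "$upg_gid" ] || return 1
    # Member field must be empty, or list only the user.
    case $g_members in
        ''|"$upg_user") ;;
        *) return 1 ;;
    esac
    # Optional: reject if another account has this gid as its primary group.
    [ -n "$upg_passwd" ] || return 0
    while IFS=: read -r p_name p_pw p_uid p_gid p_rest; do
        if [ "$p_gid" = "$upg_gid" ] && [ "$p_name" != "$upg_user" ]; then
            return 1
        fi
    done <<EOF
$upg_passwd
EOF
    return 0
}

# Print 002 for a UPG-style account, 022 otherwise.
choose_umask() {
    if is_upg "$@"; then echo 002; else echo 022; fi
}

# Constructed sample data (not from a real system).
SAMPLE_PASSWD='alice:x:1000:1000::/home/alice:/bin/sh
bob:x:1001:1001::/home/bob:/bin/sh
carol:x:1002:100::/home/carol:/bin/sh
dave:x:1003:1001::/home/dave:/bin/sh'

choose_umask alice 1000 'alice:x:1000:' "$SAMPLE_PASSWD"   # prints 002
```

On a live system the inputs would be `$(id -un)`, `$(id -g)`, `$(getent group "$(id -g)")` and, where the name service allows enumeration, `$(getent passwd)`; without the fourth argument only the group's member field is checked.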