On Thu, Mar 10, 2022 at 06:37:58AM +0100, Marc Haber wrote: > On Thu, 10 Mar 2022 00:04:38 +0100, Ansgar <ansgar@43-1.org> wrote: > >On Wed, 2022-03-09 at 17:29 -0500, Michael Stone wrote: > >> Those are actually unrelated--the big reason for the more permissive > >> umask is to allow people to seamlessly work with other people in a > >> group, especially within setgid shared directories. Those shared > >> directories can be anywhere, and are likely *not* in a single user's > >> home. > >Setting a default ACL on project directories seems a technical better > >solution for this problem. It would only affect permissions of files > >that should intentionally be group-readable, not all files created > >anywhere. > Are we using ACLs bei Default already in other places of the Debian > system? We are using filesystem capabilities; and as far as I'm aware we have no filesystems that support fscaps extended attributes but NOT acls, nor am I aware of any archive formats that would preserve fscaps without also preserving acls. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org
Attachment:
signature.asc
Description: PGP signature