Re: user private groups and a src group
> 002 is the supposedly the most typical default umask, which gives
> complete access to the user and the group, and read (and directory
> search) access to others. However, in practice, most users set this
> to 022 (move the group down the world level) or 077 (full access to
> the user only) or 007 (full access to user and group, no access to
> world). ...
> > Does anyone have this private group scheme working? If we can agree
> > to use it, a few things in the Debian distribution can be changed to
> > provide this functionality by default.
I've never used it before, but I'm seriously considering doing so on a
new file server I'm setting up for my group and another at work.
> What functionality?
> I'm sorry -- maybe I'm totally clueless here, but I don't seen much
> inherent advantage in giving each private user their own group,
> especially considering how /etc/groups is off-limits to users.
> If there are advantages, let's hear them.
Perhaps I can shed some light on this. Daniel, as you noted above,
most users tend to set their umasks to 022 or 077. This works fine
for keeping other users from modifying (or even seeing) their personal
files. However, when a user needs to work with truly shared files
(where any member of the group can write to the any file), each user
has to remember to manually change his/her umask to 002 and then
remember to change it back when done. If the umask isn't changed,
other group members won't have write access to any new or modified
files. Now, I don't know about you, but I'm sure that my coworkers
and I would always be forgetting to change our umasks. This is where
the admitted hack of creating private groups comes in. It allows
users to always leave their umasks set to the more useful 002 without
compromising the security of their personal files.
David Engel Optical Data Systems, Inc.
email@example.com 1101 E. Arapaho Road
(214) 234-6400 Richardson, TX 75081