[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: user private groups and a src group

quinlan@spectrum.cs.bucknell.edu (Daniel Quinlan)
>
> David Engel writes:
>  
> > Perhaps I can shed some light on this.  Daniel, as you noted above,
> > most users tend to set their umasks to 022 or 077.  This works fine
> > for keeping other users from modifying (or even seeing) their personal
> > files.  However, when a user needs to work with truly shared files
> > (where any member of the group can write to the any file), each user
> > has to remember to manually change his/her umask to 002 and then
> > remember to change it back when done.  If the umask isn't changed,
> > other group members won't have write access to any new or modified
> > files.  Now, I don't know about you, but I'm sure that my coworkers
> > and I would always be forgetting to change our umasks.  This is where
> > the admitted hack of creating private groups comes in.  It allows
> > users to always leave their umasks set to the more useful 002 without
> > compromising the security of their personal files.
>  
> That's it?
>  
> This seems like an awfully ugly hack for something that could be fixed
> with a shell script or two on a local basis or perhaps even a low-level
> change.

This mechanism is enabled by the existing support given by setgid
directories.  It _is_ a low-level change, and IMNSHO it is an elegant
approach  -- certainly much more elegant that a shell script could
provide.

> This doesn't seem like the kind of thing that Debian, still in
> development, should be trying to do.

Maybe, maybe not.  Nobody has really pushed it for inclusion. Yet.

>  I admit that the single benefit
> is nice, but I see this as an exhibition of a "creeping feature" --
> something that will cause us more problems in the long run than
> anything else.
>  
> Not many Linux users will have a use for it

Maybe not.

>  and fewer still will
> understand it.

It is easier to understand than any other option.  One has
to only change directories to effectively change one's "hat"
Compare with "newgrp" which has to start a new shell, and
even then you have to change your umask _and_ take care to
change the group of every file/directory that you create.

i.e. "cd" vs. "newgrp + umask + chgrp x n"  -- no contest!

>  More trouble and ugliness than it is worth.  We should
> be worrying about fixing bugs, not creating new ones.

It creates _less_ trouble for users and again, IMNSHO, is quite
elegant.

BTW, this last sentence is pretty provocative and I think you should
think these things through a bit more before reacting.


--
	-Matt Hannigan
Reply to: