[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: user private groups and a src group

Daniel Quinlan wrote:
>[ Ian Jackson wrote: ]
>> Please can we have this in before Debian 1.0 - otherwise we're going
>> to find it virtually impossible to migrate, because all the
>> installations will already have groups with the gids we're going to
>> need to use.  This arrangement is quite hard to retrofit, but very
>> easy and straightforward to do from the beginning.
> I've already made my point about waiting until 0.9x, but I'd like to
> see someone other than Ian Murdock (someone very familiar with this)
> handle the necessary changes, including the preparation of a list of
> things which need to be changed or rewritten, and then rewriting them.

The only things that should need changing are:

* /etc/passwd and /etc/group: change the default gid of the default
user and create their group, and possibly remove other conflicting

* adduser needs to arrange to create people's groups as well as their
passwd entries.  It should also be written to skip a uid/gid if it is
allocated in /etc/group as well as if it is in /etc/passwd, though
one should allocate user groups and project groups in different
ranges.  An addgroup script might be nice; alternatively prominently
leaving a large gap between assigned uids/gids and the start of the
users might be enough.

* Zillions of directories (almost all, in fact) should have the setgid
bit set.  This includes at least
 - user home directories
 - /usr/src
 - The entire /usr/local tree (which should presumably be group src)
In fact, it might be easier to
  find / -type d -print0 | xargs -0 chmod -R g+s
and then fix up the exceptions by hand.  The only ones I can think of
at the moment are /tmp and /var/tmp, though there may be others,
especially belonging to some obscure packages.


Reply to: