user private groups and a src group
I think I missed the first few postings on this topic because I was
very slow in subscribing to the new list after it moved, but I have
been reading with amusement for the last several days. I don't
usually post my opinion on such things because I find that good sense
seems to prevail in the end but I can't resist this time.
This is not a hack, new, untried, radical, weird, or strange concept!
Several years ago as the lead administrator of a large (300+ node) BSD
(mostly SUN) site I implemented just such a policy. Each user (there
were over 300) had their own group id (numericly equal to the uid for
convenience) and was encouraged to set their umask to allow group
permissions. After SUN added SVR4 semantics to SUNOS, we had to set
the mount option to keep the old BSD semantics; which we did. Users
liked the results and I never encountered any security problems caused
by it. I don't believe I was the only person to ever have though of
taking advantage of the BSD group semantics in this way.
I think the BSD group semantics mount option is preferred over the
setgid directory approach as this allows easier deviation from whatever
is chosen as the default policy.
The security issues are worth considering, but I bet the reduced user
errors in setting file permissions in shared directories will make up
for any bugs in applications which might cause problems under these
conditions. Also, these bugs can be fixed, while user errors are hard
to avoid with the System V method of newgrp, chgrp, chmod, etc.
Any user confusion which may result should easily be handled by
documenting in ALL the appropriate man pages (perhaps by brief
references) what the behavior is and why.
Rather than "I fear change" postings I would rather see this proposal
discussed on its technical merits by people who have tried it or
at least understand it and have thought it through.