[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: user private groups and a src group

I have been watching this thread for some time, but have not participated
until now because I was out of town for much of last week.

In his post of 8 March (which reignited the discussion), Ian Jackson writes:

	Scripts just don't cut it.  For starters, they either produce
	subshells which must be tediously nested, or have to be sourced or
	whatever and are thus a right royal pain.

One can use aliases to source commands.

	The one major system I came across recently where it wasn't done
	wished they had done it, but they couldn't now because they'd already
	assigned the uid/gid numbers and they were too hard to change.

This I don't understand.  What is the value of having gid=uid?  

	> Not many Linux users will have a use for it

	This is false.  For an example everyone can get to grips with, it
	allows members of the `src' group to recompile the kernel without
	having to mess around with umasks, strange shell incantations, etc.,
	and without having to su to root (principle of least privelige).

I disagree.  Outside of the kernel, how often is it really true that you
have multiple users working on common projects?  At the UCB math department,
for example, the vast majority of users do not collaborate at all.
Regarding the kernel example, it is a dangerous practice, IMHO, to allow
people to modify the kernel but not give them root access.  They would then
have both the ability and the incentive to introduce security holes into
the kernel.

	Please can we have this in before Debian 1.0 - otherwise we're going
	to find it virtually impossible to migrate, because all the
	installations will already have groups with the gids we're going to
	need to use.  This arrangement is quite hard to retrofit, but very
	easy and straightforward to do from the beginning.

Again, what is the benefit of having gid=uid?  This seems to be more of
a religious issue than anything else.  But if you abandon that requirement,
you can migrate quite readily from the old system to this one on an as
needed basis:  to switch joeuser to having his own group, just:

	1.  create a group named "joeuser" and add joeuser to it
	2.  chgrp -R joeuser ~joeuser
	3.  chmod g+s ~joeuser

So why don't we keep the default debian behavior as it is currently, and
allow an option in adduser (and /etc/defaults/adduser or wherever it is)
to use Ian's system?

--Paul Vojta, vojta@math.berkeley.edu

Reply to: