[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: user private groups and a src group

powers@wsmr-emh91.army.mil (Carl Powers) writes

Matt Hannigan writes:
> > However Ian Jackson
> > and I are both convinced that this scheme will bring no real changes
> > to the vast majority of debian users anyway, and a significant
> > advantage to those few that want to take advantage of group
> > permissions.
> The difference between 'vast majority' and 'all' is 'some'.  Is
> that 'some' of less importance than 'those few' who would
> benefit from such a scheme?

Of course, I have no immediate answer for this -- it depends
on how big the "some" is and how large the dis/advantages.
My position is that "some" is tiny or non-existant.

>  You and Ian have proposed a perhaps
> simple and elegant solution to a problem affecting 'those few'.
> Wouldn't it be better to provide a solution only applicable to
> 'those few', which could be selected or retrofitted at install
> time?  I am one of the 'some'.  I desire to keep my uid and gid
> separate and different on my linux box at work, to match those
> on the non-debian system I am hosted on.  This avoids having to
> change ownership/permissions when transfering/downloading files
> between systems.

I have been trying to think of cases where incompatibilities
might arise, and this is one I had in mind (mentioned
before by someone actually).  However I don't think it really
is an incompatibility; read on.

Do you actually use the group permissions?  Do they in
fact affect anything you do?  The only reasons that I can think
that you would care what gid you have on transferred files are:

	1. Aesthetics.  You would rather see the (correct)
	groupname than a group id in the case that that the gid
	does not exist or exists and has different name

	2. Security.  You will get an incorrect group name in
	the case you had a different group name for the gid of
	the files that you transferred to your system. This is
	unlikely; most people have the same permissions for
	group as other, so this will not usually matter.

	3. The files are for a group project.  In this case, you
	are no longer one of the "some"; you are one of those who
	derive benefits from the scheme.

Moreover, you are probably using gnu's tar or some other version
of tar which doesn't store gids but groupnames, so you can get
away with using the same groupname rather than the same gid.
(anyone: Is this a posix thing with tar?)  If so, then points
1 and 2 are much less relevant.

> Incidentally, technical feasability and need do not constitute
> the sole arguments for implementing any such change.  You and
> Ian should be prepared to handle the 'philosophical' or
> 'religious' objections to such a change from the norm without
> insulting the intelligence of those who object.

Well I hope I'm never insulting; send me some personal email 
if I am.  On the other hand, you (the generic you) can only
go one so much about philosophical issues.  I would really
like to see an example of some incompatibilities.  The more
specific the example the better; a transcript of a sequence of
commands would be ideal.

Here is the crux of my argument:  if you don't use[1] gids, then
the change won't affect you other than some initial surprise[2];
if you do use gids, then it is going to greatly benefit you.

[1] use in the sense of having permissions affected by the group

[2] I stress that this is surprise in the simple sense; it won't
surprise you in the sense of who has and has not got permission
to write to your files.

	-Matt Hannigan

Reply to: