[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: user private groups and a src group

Andrew Repton <andy@pteron.demon.co.uk> writes in part:
> Firstly let me say that we are considering this proposal at work as it
> appears to solve our problems regarding project access.
> During the consideration an interesting point was raised. Our network is
> soon to be on the Internet. It has been stated elsewhere that it is a
> *BAD THING* to have as default world readable files, as this allows
> potential hackers (in the newspaper sense of the word) access to 
> information that could be used in their hacking. The 'traditional' way
> around this would be to place our local users in a local group, so that
> they can read the necessary files and make the umask 027. If we use the
> proposal then the above does not work. So what is the best way of
> approaching the problem of giving read access to local users whilst
> keeping out non-local users?

I may be misunderstanding something in you situation, but I don't
see why 027 or 007 (The James Bond umask :-) won't suit you.
I mean 7 for others means don't give them any permissions -- isn't
that what you want?

> PS AEGIS had the solution - Access Control Lists! Now where is my
> Apollo.....

ACLs?  Bah.  If people don't understand groups then they'll have
no chance with ACLs.

	-Matt Hannigan

Reply to: