[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: user private groups and a src group

Ian Jackson writes:
> Summary: every one of Paul Vojta's points is unsound.
> NB: beware of the fallacy `he has so many arguments that some of them
> have to be right.'

	The contrary applies to you, I fear.  Beware of the fallacy `Mr
Jackson only says that others' arguments are non arguments so he must be
right' :-)

> Paul Vojta writes, regarding the private groups proposal:
> > 3.  We'll be continually burdened with newbies asking why we adopted this
> >     weird system.
> This is false, I believe (anyone who notices and wonders will probably
> be clueful enough to find the FAQ or an appropriate manpage).

	Hmmm, do you really believe that newbies read the FAQ before posting
to the newsgroups or to the lists?

> Even if it were true to a small extent, if we are to allow this kind
> of argument to prevail we might as well give up trying to make Debian
> look like Unix.

	I do not understand what you mean.  Debian is intended to be a
distribution based on a Unix-like kernel.  People who will get Debian will
want to have a Unix-like system on their PC.  If we make Debian look like
Unix, everything will be fine.  On the contrary, if we `give up trying to
make Debian look like Unix', there will be lots of questions related to
the differences between Debian and Unix.

> > 7.  It does not completely solve the problem.  As Remy Card recently pointed
> >     out in his message, it has no facility for preventing two users from
> >     simultaneously editing the same file.  For this reason one may even regard
> >     the proposal as dangerous.
> No, Remy Card has merely pointed out that it doesn't solve a different
> problem.

	You did not understand my mail (maybe I did not express myself very
well after all or maybe you do not want to try to understand the opinions of
other persons).

> > 8.  Other solutions exist, viz. RCS.  I have never used RCS myself, as I
> >     have not collaborated on any software with anyone else on the same machine.
> >     However, I would like to respond to something that you wrote in response
> >     to Remy Card's message:
> No, RCS is a solution to a different problem.  In fact, as Matt
> Birkholz points out it needs something like the private groups
> arrangement to work correctly, unless it is to be set-id (urgh!).

	Version control systems are another solution to the very same problem.
They do not require the private-groups arrangement and they do not require
to be setuid root to work.  Lots of sites use RCS and CVS without any problem.

> Most files in the filesystem should look like they were created with
> the default umask of 002, and be owned by an appropriate group.
> Directories should have the setgid bit set in most cases.
> For example, the news data and spool areas (/var/{lib,spool}/news)
> should be 2775 news.news, so that the news administrator can just
>  /usr/lib/news/bin/maint/addgroup site.local.foo.bar.wombat y
> without having to mess around with `su' or `really'.

	Hey, you are talking about system administration here.  This does not
apply to shared projects.

> >         If we take it as the default, why wouldn't we want it to be
> >         excellent right from the start?
> > 
> > For my purposes it's excellent the way it is, thank you.
> That is a very selfish attitude.  Why screw up many people's systems
> just because `for my purposes it's excellent [this way]' ?

	And, why screw up many people's systems just because `I have thought
of a personal solution to a problem and I have implemented it for anybody
whithout considering other solutions'?

> False.  The conventional umask of 002 *doesn't* work.  Don't try to
> tell me that it does - I've been on systems where it has been tried.
> Don't try to tell me I don't know how, either - at least not without
> coming up with your description of how it should be done (NB RCS is
> *not* the answer here: as Matt points out, it's the answer to a
> different problem).

	FYI, RCS works with a umask set to 027 here if you only care to set
mode 770 to directories in the repository.  And, as I stated in previous mails,
version control seems are another solution to the same problem.

> > His reasons were (A) we need uid==gid,
> Please stop calling it `uid==gid', you'll just confuse people
> (yourself included, it seems).

	Hmmmm, from your summary on March 21st, I read:
  1. Each user gets their own private group.  Their gid = their uid
     and their group name is the same as their username.

> > Let's step back for a minute and think about the general situation.
> > The problem that Ian's method addresses is not specific to Linux; it is
> > equally likely to happen on any Unix or Posix system.  Ian's solution uses
> > methods that are not specific to Linux; they could be used on any Unix or
> > Posix system.  Why has nobody else implemented this as a standard part of
> > a distributed system?
> This is a fallacious in two ways.
> Firstly it is of the form `noone else has done this so it must be
> bad', and secondly the premise (that noone else has done it) is false.
> You should know this as several people, myself included, have posted
> to this list to say so.

	But I don't know about any Unix-like distribution which has enforced
it as the default.  If the proposal can be a solution to the problem (IMO, it
is not the only solution), let's include it in Debian but let the users choose
it or no (either by an installation option, or by providing runtime options).

> However, having said that, I'm convinced that in practice noone other
> than those whose uids and gids are constrained by their site would
> bother, because this scheme will cause problems for noone !

	Well, Linux is used in networked environments where constraints exist.
Your proposal does not work in such environments so it is useless for people
using Linux networks cooperating with other servers.  This looks like a big
restriction (unless you intend to distribute Debian for use on a home computer

> Ian.
> PS: I'd be very grateful if people would actually read the messages
> that are posted before trying to respond.

	Maybe you should show the example.  Why don't you try to read the
messages and *understand* their contents before replying?

Remy Card

"Build a system that even a fool can use and only a fool will want to use it"

Reply to: