On Thu, Aug 24, 2000 at 11:34:37AM +0000, Lars O. Grobe wrote: > Hi! > > First - I'm new to the list. I used debian some time ago and now > I'm thinking about installing it on a server machine at university. > > How many groups can a user have? I want to use a private groups > concept with >300 users, and my admins must be members of all private > groups because I want them to be able to r/w into the 2770ed-homes > of the users - and avoid that one must change owner every time an > admin has copied into a user's home. first, why should the admins have write permission to everyones home directory? why do they need to go mucking around in your user's files? personally i would find this quite obnoxious and besides that i never leave my $HOME writable by anyone but me. (also remember ssh will bitch about those unsecure permissions) now ignoring the above, adding an admin to 300 groups is both inefficient and silly, it would be better to simply set the permissions on the home directories to 770 group `users' and make the admins members of that group (or maybe group staff) however i would suggest going about this differently, give users a private group, but set the home directory permissions to 750 or 710 group users. make everyone a member of group users and put a directory ~/incoming with permissions like 3775 group users (or group staff if you only want admins to have writability here) (you can use /usr/local/sbin/adduser.local to take care of fixing the permissions when the user is created, see man adduser) i really think giving all the admins write permission to all users $HOME is a bad idea, what if one accidently runs rm -rf / as themself? ordinarily all that would remove is thier own files, but in your scheme every user on the system will lose data, you might as well have all your admins running around as root all the time. > In SuSE, the number of groups is limited (AFAIK to 20), so I can't use > this concept. What about debian? this is a kernel issue not a distribution one, this limit will likely be the same on all distributions. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpLRegzLLaiQ.pgp
Description: PGP signature