
Re: the point of user groups?



Once upon a time martin f krafft said...
> adduser on a default Debian system will create a new group for each
> new user, and make e.g. /home/joe be joe:joe. Why?
> 
> joe is *not* given rights to add members to the group. So what's the
> point? I think this is a RedHat-ism, and I think they never had
> a real reason.
> 
> Maybe I am also just overlooking the detail. Then please whack me
> with the clue stick.

As I understand it, the purpose of giving each user their own group is
to allow effective use of set-gid directories.

Files created in a set-gid directory are created with the group the same
as the directory instead of the gid of the user creating the file. This
allows you to define various workgroups in the /etc/group file and have
different working directories for those workgroups. Each working
directory has a group id of the workgroup and a mode of 2775, allowing
all members of the group to create files in that directory.

To have this work effectively, users need to have a umask of 002 - files
are created group writable. Otherwise a user will have to manually chown
a file in a workgroup directory to allow other members of that workgroup
to make changes to the file - a process that is usually forgotten.

If a user is to have a 002 umask, then their personal files will also be
group writable by default. If all users are in the same group (users),
then they will be able to modify each other's personal files. By giving
each user their own group, this issue is resolved.

This scenario is predicated on an open, collaborative environment where
users trust each other not to bugger up the shared work. If such a work
environment does not exist, there is little benefit to each user having
their own group.
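
The set-gid directory and umask interaction described in the reply above, as an added example that is not part of the original message. It assumes GNU stat and find (as on Debian); the function names and file names are constructed for illustration, and the directory keeps the creating user's own group because assigning it to a real workgroup needs membership in that group.

```shell
#!/bin/sh
# Added example: set-gid workgroup directory and umask interplay.
# Assumes GNU stat/find; all names below are hypothetical.

# Create a shared directory with mode 2775 (set-gid + rwxrwxr-x).
make_workdir() {
    mkdir -p "$1" && chmod 2775 "$1"
}

# Create an empty file under a given umask, in a subshell so the
# caller's own umask is left untouched.
create_with_umask() {
    ( umask "$1" && : > "$2" )
}

mode_of()  { stat -c '%a' "$1"; }   # octal permission bits
group_of() { stat -c '%g' "$1"; }   # numeric gid

# Audit: list regular files in a workgroup directory that other
# group members cannot modify (group write bit missing).
audit_workdir() {
    find "$1" -type f ! -perm -020 -print
}

demo() {
    d=$(mktemp -d) || return 1
    make_workdir "$d/project"                      # constructed sample directory
    create_with_umask 002 "$d/project/shared.txt"  # group-writable
    create_with_umask 022 "$d/project/locked.txt"  # owner-writable only
    echo "project mode=$(mode_of "$d/project") gid=$(group_of "$d/project")"
    for f in shared.txt locked.txt; do
        echo "$f mode=$(mode_of "$d/project/$f") gid=$(group_of "$d/project/$f")"
    done
    echo "not group-writable:"
    audit_workdir "$d/project"
    rm -rf "$d"
}

demo
```

Running audit_workdir periodically over real workgroup directories finds the files created under a 022 umask that other group members cannot edit.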


