
Re: Re (2): Can't create folder on empty partition - suspect permission issue



On Sat, Sep 28, 2013 at 9:49 AM,  <peasthope@shaw.ca> wrote:
> From:   Joel Rees <joel.rees@gmail.com>
> Date:   Sat, 28 Sep 2013 09:05:33 +0900
>> ... make all the users that write to it [a folder] members of the group.
>
> If you don't object to the question, would those users tend to be
> people or projects or tasks?

Good question!

Answer: Yes. ;-)

Okay, okay, I'll unpack that.

We tend to think of user ids in a system as being one-to-one mapped to
the people using the system. That is a wrong way to think. (And one of
the reasons ACLs are just plain wrong.)

Trying to generalize without getting too abstract, your personal
computer needs at least an admin user (besides root) and a personal
user for general tasks and a personal user for bank access, etc.
(Ideally, we'd have user ids for pretty much every task we have, but
we don't really have the tools for managing so many users and for
using them meaningfully. Generating a jailed session for the browser
when you go surfing is still not exactly easy to fit into your
workflow.)

When a computer or a network is used for community tasks and projects,
that task or project needs a user id and resources assigned to it.
It may work better to have a password shared by members of the task
group, so they can log on as the task user, or it may work better to
not allow the project virtual user to log in, with all access to the
project resources by membership in the project group. But each user
that will access the task/project resources will need to be a member of
the system group assigned to the task/project.

Daemons are actually just managers of shared resources, which is why
they tend to have user and group ids (and resources) assigned to them.

Thanks. I've been trying to put up an explanation of this in my blog
for quite a while. This is about as cogent an explanation as I've come
up with yet. Maybe it will help me produce a proper blog post (if
there is such a thing :^|)

--
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.
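
An added example, not part of the message above or of any poster's own code: a small audit of the project-group layout the message describes (a folder owned by the project's group, writable by its members, with a project user that cannot log in). The setgid check, the finding names and the shell paths are assumptions added here for a Debian-like system.

```python
import grp
import os
import pwd
import stat

# Shells that refuse interactive login (paths assumed for a Debian-like system).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def audit_mode(mode, dir_gid, project_gid):
    """Findings for a directory's permission bits and owning group."""
    findings = []
    if dir_gid != project_gid:
        findings.append("wrong-group")          # members gain nothing from membership
    if not mode & stat.S_IWGRP:
        findings.append("group-cannot-write")   # members cannot create files here
    if not mode & stat.S_ISGID:
        # On Linux, without setgid new files take the creator's own group.
        findings.append("no-setgid")
    if mode & stat.S_IRWXO:
        findings.append("open-to-others")       # access not limited to the group
    return findings

def audit_project_dir(path, project_gid):
    """Run audit_mode against a real directory."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(path)
    return audit_mode(stat.S_IMODE(st.st_mode), st.st_gid, project_gid)

def group_members(project_gid):
    """Users who reach the project through supplementary or primary group."""
    try:
        named = set(grp.getgrgid(project_gid).gr_mem)
    except KeyError:                             # gid has no entry in the group database
        named = set()
    primary = {u.pw_name for u in pwd.getpwall() if u.pw_gid == project_gid}
    return sorted(named | primary)

def can_log_in(username):
    """True if the project's virtual user has a usable login shell."""
    return pwd.getpwnam(username).pw_shell not in NOLOGIN_SHELLS

if __name__ == "__main__":
    import sys
    path, group = sys.argv[1], sys.argv[2]       # e.g. /srv/project projgroup (hypothetical)
    gid = grp.getgrnam(group).gr_gid
    print("findings:", audit_project_dir(path, gid) or "none")
    print("members:", group_members(gid))
```

An empty findings list corresponds to a mode such as 2770 with the directory's group set to the project group.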

