
Re: Development permissions



	Hi.

On Fri, Sep 24, 2021 at 11:47:20AM +0200, Alex Mestiashvili wrote:
> On 9/24/21 11:27 AM, Reco wrote:
> > 	Hi.
> > 
> > On Fri, Sep 24, 2021 at 10:22:00AM +0200, Alex Mestiashvili wrote:
> > > On 9/22/21 8:53 AM, Reco wrote:
> > > > 	Hi.
> > > > 
> > > > On Tue, Sep 21, 2021 at 11:09:41PM -0400, Paul M. Foster wrote:
> > > > > Without setting directory and file permissions to 777, how do you
> > > > > allow the above? What combinations of groups, directory
> > > > > owners/permissions and file owners/permissions might make this
> > > > > possible?
> > > > 
> > > > Solution #1:
> > > > 
> > > > 1) Make a group, add users to it.
> > > > 2) Chgrp directory to the group from step 1.
> > > > 3) Set directory permissions to 2770 (i.e. you will need setgid on
> > > > directory), or 2775 if you need world-readable directory.
> > > > 4) Ensure users' umask is set to 0007.
> > > > 
> > > > 
> > > > Solution #2:
> > > > 
> > > > Set ACL to u:<user>:rwx on a directory, and make sure it made to the
> > > > "default" set of permissions (i.e. you'll need setfacl -d).
> > > 
> > > In addition to umask and acl, there is also a FUSE based bindfs.
> > 
> > FUSE = slow + CPU wastage
> 
> Well, fast enough and CPU time is cheap ;)

An old argument. How exactly can I replace the CPU on my Raspberry Pi 1B,
which is still in service and doing its job?


> Setting umask might be insecure/problematic for non-unix people.
> Not every filesystem supports ACL.

Every filesystem that's worthy of such title does support ACL.
Imperfect filesystems do not indeed, but replacing a filesystem is much
easier than replacing a CPU.


> Bindfs is just another useful tool...

That's something I agree with. Every tool has its purpose, and surely
bindfs has one too. But using a tool outside of its purpose instantly
transforms a tool to a kludge.


> > Using a filesystem the way it was intended is a much cleaner solution.
> ACL is a workaround for the "intended unix permissions", isn't it?

That's one option about it. Another one is ACL is an evolution of POSIX
filesystem permissions.
Whichever you prefer, of course.

Reco
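
An added example, not part of the original messages: Solution #1 from the quoted text run on a scratch directory, showing what umask 0007 changes compared with a typical 0022 and how to audit a shared directory for entries the group cannot write. It assumes GNU coreutils/findutils (`stat -c`, `find -mindepth`); the function names and the optional group argument are hypothetical.

```shell
#!/bin/sh
# Added example: setgid group directory (Solution #1), checked on a temp dir.

# Steps 2-3: give the directory to the group, then set setgid + rwx for
# owner and group (2770). GROUP is the group made in step 1; if omitted,
# the directory keeps the group it was created with.
make_shared_dir() {   # usage: make_shared_dir DIR [GROUP]
    mkdir -p "$1" || return 1
    if [ -n "$2" ]; then chgrp "$2" "$1" || return 1; fi
    chmod 2770 "$1"
}

# Step 4: create a file and a subdirectory under a given umask. The
# subshell keeps the caller's own umask untouched.
create_as() {   # usage: create_as UMASK DIR NAME
    ( umask "$1" && touch "$2/$3.txt" && mkdir "$2/$3.d" )
}

mode_of() { stat -c '%a' "$1"; }   # octal mode, e.g. 2770
gid_of()  { stat -c '%g' "$1"; }   # numeric group id

# List entries that break the sharing scheme: wrong group, or no group
# write bit (what a member with the wrong umask leaves behind).
audit_shared_dir() {
    want=$(gid_of "$1")
    find "$1" -mindepth 1 \( ! -gid "$want" -o ! -perm -020 \) -print | sort
}

demo() {
    d=$(mktemp -d) || return 1
    make_shared_dir "$d/proj" || return 1
    create_as 0022 "$d/proj" loose   # common default umask
    create_as 0007 "$d/proj" team    # umask from step 4
    echo "umask 0022: file $(mode_of "$d/proj/loose.txt"), dir $(mode_of "$d/proj/loose.d")"
    echo "umask 0007: file $(mode_of "$d/proj/team.txt"), dir $(mode_of "$d/proj/team.d")"
    echo "entries the group cannot write:"
    audit_shared_dir "$d/proj"
    rm -rf "$d"
}
demo
```

The setgid bit makes new entries inherit the directory's group and new subdirectories inherit setgid itself; the umask decides whether the group can actually write to them, which is why step 4 is needed.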

