Please, note that's my own criteria. - Each new user must have their own group to prevent security issues. - Most of users are per-app users, following (more or less Android methods). So only real (login) users are added manually in the GID=100. Thus they can share what they want only who then want with no acl complexity. Toni Mas GPG 3F42A21D84D7E950 Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ El divendres, 21 de gener 2022 a les 18:51, Thomas Hochstein <thh@thh.name> va escriure: > Roberto C. Sánchez schrieb: > > > > > New users have gid 100 set as their primary group by default. So, new > > > > > > > > users are members of the group without having to be added to the group > > > > > > > > in /etc/groups. > > That depends on your configuration. > > | # /etc/adduser.conf: `adduser' configuration. | # See adduser(8) and adduser.conf(5) for full documentation. [...] | # The USERGROUPS variable can be either "yes" or "no". If "yes" each | # created user will be given their own group to use as a default. If | # "no", each created user will be placed in the group whose gid is | # USERS_GID (see below). | USERGROUPS=yes | | # If USERGROUPS is "no", then USERS_GID should be the GID of the group | #` users' (or the equivalent group) on your system. > > | USERS_GID=100 > > > Quite right. It seems that I probably made that change a very long time > > > > ago, long enough ago so that it just seemed like the standard > > > > configuration to me. > > > From https://wiki.debian.org/UserPrivateGroups: > > | Debian has been using (creating) user private groups by default almost > > | from the beginning. However, UPGs where not fully enabled on newly > > | installed systems since release 2.2., because the central umask > > | adjustment for UPGs, as configured in /etc/login.defs, was broken with > > | the inclusion of PAM. This feature was only reintroduced with > > | libpam-umask in release 6.0 (Squeeze). > > -thh
Attachment:
signature.asc
Description: OpenPGP digital signature