
Re: should not specify default group for users



This debate is no longer productive.  As Alan Cox has already pointed
out, specifying a umask is a poor idea; default umasks fall under local
system or network policy.  I initially voiced approval for Jim
Kingdon's rewrite, but after much thought, I rescind that approval.

Specifying the default group to which a new user should belong is also
a poor idea.  As we have seen, some folks prefer a system-wide 'users'
group (e.g., joe:users), while others prefer user-private groups (e.g.,
joe:joe).  Some system administrators may even prefer several different
sets of system-wide groups.  The actual user/group scheme is best left
to local system and network policy.  The default user/group scheme is
best left to distribution vendors.

As far as distributions go, as long as the proper user and group
manipulation utilities are available ((user|group)(add|del|mod)), LSB
doesn't care what they do.  They are free to implement a useradd
utility that decides which group to add a given user to based on
the number of vowels in the user's name, the date, the system load,
/dev/random, or any other heuristics.

As far as ISVs go, the default group to which a given new user belongs
has no bearing on most apps.  If a particular app must know about such
things, it cannot be LSB-compliant, since it has to know about
distribution-specific details.

LSB has no business specifying these items.  If we wish to make
recommendations, the following are important details:

  (1) Common user/default-group schemes include:

      (a) A many-to-one mapping, where new users are all added to a
          single default group, commonly 'users'.  In such a scheme,
          the default umask should usually be 0077.

      (b) A one-to-one mapping, where each new user is added to a
          private group containing only that user.  In such a scheme,
          the default umask is commonly 0007.

  (2) Distributions are free to implement new schemata or adapt the
      ones listed above.

  (3) System administrators are free to change their system's default
      user/group scheme or umask as they wish (and as the distribution
      allows).

  (4) Whatever a system's default user/group mapping, the user and
      group manipulation utilities (useradd, et al.) must function
      according to the LSB specification in order for the system to be
      LSB-compliant.

The rest is not up to LSB, in my humble but enlightened opinion.

Next topic, please.

-- 
jim knoble
jmknoble@pobox.com

On 2000-Mar-22 at 18:08:24 -0500, Shaya Potter wrote:

[Stuff about users, groups, and umasks compressed with lossy algorithm.]
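
An added illustration, not part of the original message: a small audit that, for a given umask, lists which other accounts gain group access to each user's newly created files under the two schemes described in item (1). The passwd/group entries are constructed sample data, and the function names are hypothetical; it assumes new files take the creator's primary group (no setgid directories).

```python
# Constructed sample data: joe and ann share 'users' (scheme a),
# bob and eve have same-named groups (scheme b), but eve's group
# also lists joe as a supplementary member.
PASSWD = """\
joe:x:1000:100:Joe:/home/joe:/bin/sh
ann:x:1001:100:Ann:/home/ann:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh
eve:x:1003:1003:Eve:/home/eve:/bin/sh
"""
GROUP = """\
users:x:100:
bob:x:1002:
eve:x:1003:joe
"""

def group_members(passwd_text, group_text):
    """Map gid -> set of user names (primary and supplementary members)."""
    members = {}
    for line in group_text.splitlines():
        _name, _pw, gid, userlist = line.split(":")
        members[int(gid)] = {u for u in userlist.split(",") if u}
    for line in passwd_text.splitlines():
        user, _pw, _uid, gid = line.split(":")[:4]
        members.setdefault(int(gid), set()).add(user)
    return members

def exposure(passwd_text, group_text, umask, requested=0o666):
    """Per user: (mode of a new file, other users with group access to it)."""
    members = group_members(passwd_text, group_text)
    mode = requested & ~umask          # what open(..., 0666) actually yields
    result = {}
    for line in passwd_text.splitlines():
        user, _pw, _uid, gid = line.split(":")[:4]
        # Group bits only matter if the umask leaves any of them set.
        peers = members[int(gid)] - {user} if mode & 0o070 else set()
        result[user] = (mode, sorted(peers))
    return result

if __name__ == "__main__":
    for umask in (0o077, 0o007):
        print(f"umask {umask:04o}")
        for user, (mode, peers) in exposure(PASSWD, GROUP, umask).items():
            print(f"  {user}: mode {mode:04o}, group access for {peers or 'nobody'}")
```

With umask 0007 the group bits survive, so the result depends entirely on whether the primary group really contains only its owner.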

