private group administration

Matthew Woehlke mw_triad at users.sourceforge.net
Sat Oct 18 00:12:44 UTC 2008


Les Mikesell wrote:
> Lutz Lange wrote:
>>
>> I was thinking about user creation and group administration. Every user
>> gets his own private group when he is created. And the motivation for
>> that is to avoid users sharing files with all other users by default,
>> right?
> 
> Not exactly.  Having your own private group assigned from the start 
> makes it possible to use a default umask that gives group access to your 
> files without actually giving anyone else access yet.  That means 
> when/if you do want to let someone else have access, you don't have to 
> go back and change the permissions on all your existing files and 
> directories.

...which means as soon as you save something to a setgid directory, you 
just gave the world (or at least, some larger group) write permission to 
your files. Personally I always considered umask 002 to be Evil. Better 
to make it hard to intentionally grant others write for your files than 
to make it easy to accidentally give write permission that you didn't 
want to give.

If 'chmod g+w file;chgrp foo file' is too much work then there should be 
a command that can do both.

-- 
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
-- 
When on POSIX, do as POSIX mandates.
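
The following is an added example, not part of the original message or of any Fedora tooling. It shows the mode a new file receives in a setgid directory under umask 002 versus 022, a check for group-writable files that have left the user's private group, and a hypothetical `share_with_group` helper for the combined chgrp/chmod step. It assumes Linux with GNU coreutils (`stat -c`); all function names are made up for illustration.

```shell
#!/bin/sh
# Added illustration; assumes Linux with GNU coreutils (stat -c).
# Function names are hypothetical and do not come from the thread.

# Print the octal mode a new file gets inside a setgid directory
# when it is created under the given umask.
mode_in_setgid_dir() {
    d=$(mktemp -d) || return 1
    chmod 2775 "$d"                    # setgid: new files take the directory's group
    ( umask "$1" && : > "$d/report" )  # subshell keeps the umask change local
    stat -c '%a' "$d/report"
    rm -rf "$d"
}

# List regular files under DIR ($1) that are group-writable and whose
# group is not the caller's private group (numeric GID in $2). These are
# the files that some larger group can modify.
find_shared_writable() {
    find "$1" -type f -perm -020 ! -group "$2"
}

# Grant group write on purpose, in one step.
# usage: share_with_group GROUP FILE...
# chgrp runs first so the previous group never holds the write bit.
share_with_group() {
    grp=$1
    shift
    chgrp "$grp" "$@" && chmod g+w "$@"
}

# Demo on throwaway directories created above.
echo "umask 002 in setgid dir -> mode $(mode_in_setgid_dir 002)"
echo "umask 022 in setgid dir -> mode $(mode_in_setgid_dir 022)"
```

To review an existing tree, pass the directory and the private group's GID, for example `find_shared_writable "$HOME" "$(id -g)"`.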



