[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: private group administration



Les Mikesell wrote:
Lutz Lange wrote:

i was thinking about user creation and group administration. Every user
gets his own private group when he is created. And the motivation for
that is to avoid users sharing files with all other users to per default
right?

Not exactly. Having your own private group assigned from the start makes it possible to use a default umask that gives group access to your files without actually giving anyone else access yet. That means when/if you do want to let someone else have access, you don't have to go back and change the permissions on all your existing files and directories.

...which means as soon as you save something to a setgid directory, you just gave the world (or at least, some larger group) write permission to your files. Personally I always considered umask 002 to be Evil. Better to make it hard to intentionally grant others write for your files than to make it easy to accidentally give write permission that you didn't want to give.

If 'chmod g+w file;chgrp foo file' is too much work then there should be a command that can do both.

--
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
--
When on POSIX, do as POSIX mandates.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]