private group administration
Les Mikesell
lesmikesell at gmail.com
Fri Oct 17 17:05:10 UTC 2008
Lutz Lange wrote:
>
> i was thinking about user creation and group administration. Every user
> gets his own private group when he is created. And the motivation for
> that is to avoid users sharing files with all other users to per default
> right?
Not exactly. Having your own private group assigned from the start
makes it possible to use a default umask that gives group access to your
files without actually giving anyone else access yet. That means
when/if you do want to let someone else have access, you don't have to
go back and change the permissions on all your existing files and
directories.
> tux at somewhere ~> vi .bashrc
> umask 077
Don't forget to compliment the bits. The default umask 002 gives group rwx.
> All right it might not be in my best interest to share something in my
> home dir, or if i do i have to be very careful about the permissions
> there...
No, the point of the private group is to permit access to everything
that is yours. If you don't want that, make a new group with the
appropriate set of users added and use that group ownership instead of
your own.
> But i still thinks a user should be in control of his private group.
> )
>
> But he is not. This has to be set explicitly by the entity that creates
> the user. I wonder what the reasoning is/was behind that.
>
> Why is a user not made administrator of his private group per default?
Think of common multiuser scenarios - like an office or school.
Individuals are typically not in charge of their collaborative groups -
that will be assigned by someone else.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-devel-list
mailing list