[NCLUG] Why one group per user and SGID home dirs

Charles Clarke clarke at clarkecomputer.com
Wed Feb 21 00:30:11 MST 2001


If they want files in their home directory to be confidential, then 
their home directories shouldn't be readable or executable by anyone.

So, how is this better than a group 'users', a group 'project', home
directories with 700 (or group 'users' and 2700), project directory with
2770 and umasks of 002?  You could even put both of them in the group
'project' and not even have them in the group 'users'.

charles

On Tue, 20 Feb 2001, Matt Taggart wrote:

> Date: Tue, 20 Feb 2001 17:22:29 -0700
> From: Matt Taggart <taggart at carmen.fc.hp.com>
> Reply-To: nclug at nclug.org
> To: nclug at nclug.org
> Subject: [NCLUG] Why one group per user and SGID home dirs
> 
> At an NCLUG meeting a few months ago a few of us were talking about how 
> Debian (and maybe RedHat?) creates a separate group per user and makes the 
> user's $HOME setgid to that group. I was describing something I had read about 
> it but couldn't remember all the details. I found it again, it was a post to 
> the debian-devel mailing list and was covered by Linuxcare's Kernel Cousin 
> Debian,
> 
> http://kt.linuxcare.com/debian/dd20010105_17.epl#2
> 
> Here's the explanation,
> 
> ------------------------------------------------------------------------------
> Let's say you have a pair of users, Jose and HoseB, each with home directories 
> in /home, with a single-user group each. They have some confidential files 
> which they keep in their home directories and want to hide from each other.
> 
> They also work on a project together, in /project. They have another group, 
> which they both belong to, and all the files in /project use that GID. There 
> are other users on the system who are not working on the project and who 
> should not be able to look at /project.
> 
> Jose and HoseB can set their umask to allow group read/write by default. When 
> they write to their home directories, the files belong to their individual 
> user groups, so nobody else can read them. When they write in /project, the 
> files belong to the project group, so they can both read them. And nobody 
> except Jose and HoseB can read the files in /project either, because they're 
> not world read/writable.
> 
> Now, imagine if Jose and HoseB shared a 'users' group, which their home 
> directories used, as well as the project group. When they write to their home 
> directories, their files end up group read/writeable to all users!
> 
> Or if they set their umask to allow user read/write only, then they end up 
> with files in /project which the other person can't read. They have to 
> remember to fix file permissions all the time.  [...]
> 
> Per-user groups are very meaningful, and are a good demonstration of why 
> Debian is a superior OS to many others.
> ------------------------------------------------------------------------------
> 
> Pretty cool.
> 
> -- 
> Matt Taggart
> taggart at fc.hp.com
> 
> 
> 


--------------------------------------------------------------------------
 Domain hosting from $15/month with error log analysis and link checking.
 http://www.clarkecomputer.com/sig.html       domains at clarkecomputer.com
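
Added example, not part of either message: a small Python model of the classic Unix owner/group/other check that evaluates the layouts discussed above (per-user groups, a shared 'users' group, the 700-home alternative, and /project at 2770). The home mode 2755, the root owner of /project, the outsider 'carol', and the one-directory-deep path are assumptions; ACLs and root are ignored.

```python
from dataclasses import dataclass

@dataclass
class Node:
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o2770 for a setgid directory

def allowed(user, groups, node, want):
    """Unix class check: owner, else group, else other. want: 4=r, 2=w, 1=x."""
    shift = 6 if user == node.owner else 3 if node.group in groups else 0
    return bool((node.mode >> shift) & want)

def create(creator, primary, parent, umask):
    """New file: 0666 masked by umask; a setgid parent passes on its group."""
    group = parent.group if parent.mode & 0o2000 else primary
    return Node(creator, group, 0o666 & ~umask)

def reach(user, groups, parent, node, want):
    """Access needs search (x) on the directory and `want` on the file."""
    return allowed(user, groups, parent, 1) and allowed(user, groups, node, want)

def scenarios():
    out = {}
    # Per-user groups, umask 002; home mode 2755 is an assumed value.
    home = Node("jose", "jose", 0o2755)
    f = create("jose", "jose", home, 0o002)
    out["upg_home_write"] = reach("hoseb", {"hoseb", "project"}, home, f, 2)
    # Shared 'users' group on the same home mode, umask 002.
    home = Node("jose", "users", 0o2755)
    f = create("jose", "users", home, 0o002)
    out["shared_home_write"] = reach("hoseb", {"users", "project"}, home, f, 2)
    # Charles's layout: shared 'users' group, home 700, umask 002.
    home = Node("jose", "users", 0o700)
    f = create("jose", "users", home, 0o002)
    out["shared_700_home_write"] = reach("hoseb", {"users", "project"}, home, f, 2)
    # /project at 2770: umask 002 versus a user-only umask of 077.
    proj = Node("root", "project", 0o2770)
    f = create("jose", "jose", proj, 0o002)
    out["project_peer_read"] = reach("hoseb", {"hoseb", "project"}, proj, f, 4)
    out["project_outsider_read"] = reach("carol", {"carol"}, proj, f, 4)
    f = create("jose", "jose", proj, 0o077)
    out["project_peer_read_umask077"] = reach("hoseb", {"hoseb", "project"}, proj, f, 4)
    return out

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'allowed' if ok else 'denied'}")
```

In this model the 700 home directory blocks access at the directory search step, so the file's group bits never come into play; the shared-group exposure appears only when the home directory itself is group-searchable.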



