[NCLUG] Why one group per user and SGID home dirs
S. Luke Jones
luke at frii.com
Wed Feb 21 09:39:01 MST 2001
Mike Loseke wrote:
> Giving each user a group with his name may have been done to cater to
> those new to *nix so as to not confuse them. That's the only reason I can
> think of anyway. Adding sgid to a user's home dir just promotes lazy and
> sloppy users. /home/user is for 'user' and him only. Nobody else needs to
> be writing files in there. This should be used in project dirs where that
> sort of behaviour is desired and/or required but not across the board,
I generally agree with Mike. Users should be taught to manage their own
permissions and 'umask' can backstop them until they figure out what
they're doing.
Here's a question for you experienced Bof###system admins: how do you
structure directories to accomodate multi-user projects? Let's say that
users Alan, Bob, and Charlie are all part of the Foobar team. You make
a group "foobar" and add them all to it, yes? Then you need to find a
spot in the filesystem for them to share: do you coach "alan" about how
to make a navigable path (setting g+rx on directories, etc.) to some
directory he manages, or do you make a new directory somewhere else.
If the latter, where?
What I do (for all my users :-) is create a new user "foobar" and let
RedHat's useradd policy create a group and the /home/foobar directory.
Then I make ~foobar group accessible (chmod g+rwx ~foobar) and lock
the account so nobody can login as foobar. Finally, I add Alan, Bob,
and Charlie to the group "foobar".
I'd appreciate any suggestions for improving this scheme.
--
Luke Jones luke vortex frii fullstop com
More information about the NCLUG
mailing list