[NCLUG] Why one group per user and SGID home dirs

S. Luke Jones luke at frii.com
Wed Feb 21 11:30:30 MST 2001


Matt Taggart wrote:
> And without a group per user then a user can't open up their umask to take 
> advantage of such behavior.

I follow your reasoning, Mike, I think, so let me rephrase it here.

You only have one umask so you have to pick whether you want it open
or closed. If you open it up for a group, then you want to be sure
that it's for the right group.  By setting the setgid bit for a shared
directory, you can ensure that users get the "right" group when they're
working in a shared directory and when they're in their home directory.

Way back in the day, I was taught by my bearded road-apple colleagues
that the way to handle this was to execute a "newgrp" command when
you want to change the default group affiliation. So if I'm working
in the shared project directory, I have done "newgrp project" first,
and when I'm done, I go back to my own directory and do ^D to go back
to my stock group affiliation.

I still think I'd rather have people default to a closed-down umask
until they understood permissions and then teach them to use explicit
actions to change permissions rather than rely on some magic bits
to do the "right" thing in whatever directory they're working in.

-- 
Luke Jones  luke vortex frii fullstop com
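
The umask and setgid-directory behaviour discussed in this message, as an added example that is not part of the original post. It assumes Linux semantics; the function name `created_as` and the temporary paths are made up for the illustration.

```shell
#!/bin/sh
# Added example; everything happens in a throwaway mktemp directory.

# created_as UMASK DIRMODE KIND
#   Make a directory with mode DIRMODE, create a file (KIND=file) or a
#   subdirectory (KIND=dir) in it under UMASK, and print the new entry's
#   mode string followed by "samegroup" if it carries the parent
#   directory's group id, "othergroup" if not.
created_as() {
    um=$1; dirmode=$2; kind=$3
    top=$(mktemp -d) || return 1
    mkdir "$top/d" || return 1
    # If the user has a supplementary group, hand the directory to it so
    # group inheritance is visible; otherwise the primary group stays.
    chgrp "$(id -G | awk '{print $NF}')" "$top/d" 2>/dev/null || true
    chmod "$dirmode" "$top/d" || return 1
    (
        umask "$um"
        if [ "$kind" = dir ]; then mkdir "$top/d/new"; else : > "$top/d/new"; fi
    )
    mode=$(ls -ld "$top/d/new" | cut -c1-10)
    dgid=$(ls -ldn "$top/d" | awk '{print $4}')
    ngid=$(ls -ldn "$top/d/new" | awk '{print $4}')
    rm -rf "$top"
    if [ "$ngid" = "$dgid" ]; then same=samegroup; else same=othergroup; fi
    echo "$mode $same"
}

# Open umask in a setgid project directory, closed umask in the same
# directory, then both umasks in an ordinary (non-setgid) directory.
for case in "002 2775 file" "002 2775 dir" "077 2775 file" \
            "077 0755 file" "002 0755 file"; do
    set -- $case
    printf 'umask %s, dir %s, new %s: %s\n' "$1" "$2" "$3" "$(created_as "$1" "$2" "$3")"
done
```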