[NCLUG] Why one group per user and SGID home dirs

Mike Loseke mike at verinet.com
Wed Feb 21 11:31:03 MST 2001


Thus spake Matt Taggart:
> 
> Mike Loseke writes...
> 
> > This should be used in project dirs where that
> > sort of behaviour is desired and/or required but not across the board,
> > IMO.
> 
> And without a group per user then a user can't open up their umask to take 
> advanage of such behavior.

 Remember, these are users we're talking about here. Say 'umask' to them
and 95% will commence with the drooling. I have a large user population
of very intelligent engineers but they still require a simple environment
in which to work.

 The ability to open their umask up is indeed useful, but only in certain
environments. We have a simplistic environment for complex groups which
allows them a huge amount of flexibility with no effort required by the
engineer (this is due in part to cross-site scalability). All users have
a default gid unique to their organization. The project dirs they create
are owned by that gid and all group members have the necessary rights to
read/write within. It's all open by default and the users are all familiar
with chmod to restrict or allow access as needed.

 The more complex projects (where different groups interact) have an
account which is either su'd to or a gid which is newgrp'd to.


-- 
   Mike Loseke    | If at first you don't succeed,
 mike at verinet.com | increase the amperage.



More information about the NCLUG mailing list