[NCLUG] Why one group per user and SGID home dirs

Evelyn Mitchell efm at tummy.com
Tue Feb 20 19:33:38 MST 2001


On Tue, Feb 20, 2001 at 05:22:29PM -0700, Matt Taggart wrote:
> 
> Per-user groups are very meaningful, and are a good demonstration of why 
> Debian is a superior OS to many others.

Actually this is not Debian-specific, most Unix/Linux systems will allow
this.

One of the strategies for securing systems is to use fine-grained access
control lists, including per-user groups. This allows you to 'step up'
to the more general access, if allowed, only when absolutely required.
A nice thing, if you've ever done an 'rm -rf' from / 
A very different experience than if you run as root all the time (not
recommended, NOT RECOMMENDED!).
If you are a normal user, 'rm -rf' in / will give you a few seconds
to smack your forehead and hit ctrl-c, before getting to your owned
files. If you're root.. break out the backup tapes.

efm



More information about the NCLUG mailing list