[NCLUG] Why one group per user and SGID home dirs
Matt Taggart
matt at lackof.org
Wed Feb 21 10:23:06 MST 2001
Matt Taggart writes...
>
> Charles Clarke writes...
>
> > If they want files in their home directory to be confidential, then
> > their home directories shouldn't be readable or executable by anyone.
> > So, how is this better than a group 'users', a group 'project', home
> > directories with 700 (or group 'users' and 2700), project directory with
> > 2770 and umasks of 002?
>
> With a setgid $HOME and all files/dirs owned by the user's private group then
> each user can do that and still keep their umask open so things in /project
> work right. If they were all in a "users" group then a umask of 002 would mean
> new files in their $HOME would have "users" group write access. They *might*
> be "protected" by the fact that the user has locked down the directory they're
> in but I think that's a bad policy. Does this make sense?

I think this statement still stands though.

--
Matt Taggart
matt at lackof.org
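
The behaviour discussed in this thread, as an added example that is not part of the original post: a setgid directory under umask 002 yields group-writable files and setgid subdirectories, and a small audit lists group-writable entries whose group is not the owner's private group. The function names and the temporary directory standing in for $HOME are assumptions made for illustration; Linux group semantics are assumed.

```shell
#!/bin/sh
# Added illustration; helper names are hypothetical, sample tree is constructed.

# Numeric gid of a path (parsed from `ls -n`, so no GNU-only stat flags).
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# Symbolic mode of a path, e.g. -rw-rw-r-- (any ACL/SELinux suffix is cut off).
mode_of() { ls -ldn "$1" | awk '{print substr($1, 1, 10)}'; }

# audit_home DIR PRIVATE_GID
# Print every entry under DIR that is group-writable and whose group is not
# PRIVATE_GID. With a shared group such as "users" and umask 002, new files
# in $HOME land in this list; with a private group the list stays empty.
audit_home() {
    find "$1" ! -type l -perm -020 ! -group "$2" -print
}

# Build a constructed stand-in for $HOME: setgid and closed to others (2700),
# then create a file and a subdirectory under the open umask 002.
make_demo_home() {
    home=$(mktemp -d) || return 1
    chmod 2700 "$home"
    (
        umask 002
        : > "$home/notes.txt"
        mkdir "$home/src"
    )
    printf '%s\n' "$home"
}

demo=$(make_demo_home)
private_gid=$(gid_of "$demo")
echo "home:   $(mode_of "$demo")"
echo "file:   $(mode_of "$demo/notes.txt")"
echo "subdir: $(mode_of "$demo/src") (setgid inherited from the parent)"
echo "entries writable by a non-private group:"
audit_home "$demo" "$private_gid"
rm -rf "$demo"
```

Run audit_home against a real home directory with the owner's private gid (for example the output of `id -g username`) to see which entries rely only on the parent directory's mode for protection.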