[NBLUG/talk] User groups in linux

Rob Orsini orsini at sonic.net
Mon Jun 28 22:22:02 PDT 2004


I've got some Red Hat book that calls this the Red Hat User Private Group
scheme and explains it's for security in that users don't have access to
each other's home directories.

May you sleep at night, now that you know the official Red Hat name for
this. ;)

robble

On Mon, 2004-06-28 at 16:28, Steve Johnson wrote:
> Hey, great answer, that makes total sense.
> 
> -Steve
> 
> On Mon, Jun 28, 2004 at 04:06:51PM -0700, Eric Eisenhart wrote:
> > On Mon, Jun 28, 2004 at 04:01:52PM -0700, Steve Johnson wrote:
> > > I'm curious, a few years back, it seems all the Linux distros went
> > > from putting everyone into one group (users) and started putting each user
> > > account into its very own group (with the same name as the user).
> > > 
> > > Anyone know what the reasoning behind this was?  Is it a security issue?
> > 
> > My guess:
> > 
> > It allows the umask to be set to 0002 instead of 0022, which means that
> > files in a directory that are *supposed* to be shared (have a different
> > group than the user-specific group with multiple people in the group) get
> > the right permissions.
> > 
> > I've commonly run into problems with an 0022 umask and things like shared
> > web space, CVS repositories, etc.  Setting setgid on the directory doesn't
> > help any with an 0022 umask, but works *great* with an 0002 umask.
> > -- 
> > Eric Eisenhart
> > NBLUG Co-Founder & Director-At-Large
> > The North Bay Linux Users Group
> > http://nblug.org/
> > eric at nblug.org, IRC: Freiheit at freenode, AIM: falschfreiheit, ICQ: 48217244
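The umask and setgid interaction described in the quoted reply above, as an added example that is not part of the original thread: it creates a file inside a temporary setgid directory under each umask and reports whether group members could edit it. The function names and the file name are hypothetical.

```shell
#!/bin/sh
# Added example (constructed): how umask decides whether a setgid shared
# directory is actually usable by the group. All names are hypothetical.

# perms PATH: print the 10-character mode string from ls, e.g. -rw-rw-r--
perms() {
    ls -ld "$1" | cut -c1-10
}

# new_file_perms UMASK: create a file inside a fresh setgid directory under
# the given umask and print the file's mode string.
new_file_perms() {
    (
        dir=$(mktemp -d) || exit 1
        chmod 2775 "$dir"      # setgid bit: new entries inherit the directory's group
        umask "$1"             # only affects this subshell
        : > "$dir/shared.txt"  # created with mode 0666 & ~umask
        perms "$dir/shared.txt"
        rm -rf "$dir"
    )
}

# group_can_write UMASK: succeed if files created under UMASK are group-writable.
group_can_write() {
    case "$(new_file_perms "$1")" in
        ?????w????) return 0 ;;
        *)          return 1 ;;
    esac
}

for mask in 0022 0002; do
    if group_can_write "$mask"; then verdict="group members can edit"
    else verdict="group members are locked out"; fi
    printf 'umask %s -> %s  (%s)\n' "$mask" "$(new_file_perms "$mask")" "$verdict"
done

# With user private groups, 0002 is safe as a default: in a home directory
# the group that gains write access contains only the owner.
```

The setgid bit only fixes which group owns new files; the umask still decides whether that group gets write permission.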
