[OpenAFS-devel] Re: [OpenAFS] 2.6 kernel support anytime soon? Workarounds?

Matthew Miller mattdm@mattdm.org
Wed, 12 May 2004 11:24:11 -0400


On Wed, May 12, 2004 at 11:17:07AM -0400, Kris Van Hees wrote:
> The only reasoning I ever saw for this practice (can't remember where, it
> was quite a while back) was to offer basic "security" to people who were
> careless with modebits. The idea was that since the default umask is
> commonly set to 022, creating users with gid == uid would at least ensure
> that people would still not be able to read each other's files by default.

It's more practical than that. With per-user groups, the default umask can
be set to 022 intentionally -- not carelessly at all. Then, directories
which are shared by several users collaborating -- www, or whatever -- can be
owned by a project group, and set to mode 2775. Then, new files created in
that directory are automatically shared, with no need for users to mess with
modebits or umasks or anything.

This may be a bit strange, but it's also simple, elegant, and perfectly
conventional and supported beautifully by traditional Unix permissions.

Whereas putting people into groups at random is not. :)

-- 
Matthew Miller           mattdm@mattdm.org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
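
What the 2775 directory mode and the umask each contribute to files created in a shared directory, as an added example that is not part of the original message. The function name `demo_shared_dir`, its optional group argument and the temporary paths are assumptions made for illustration; Linux with GNU or BusyBox `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: a setgid (2775) project directory under two umasks.
# All paths are constructed under a temporary directory and removed afterwards.

# demo_shared_dir UMASK [GROUP]
# Prints: "<dir mode> <new file mode> <new subdir mode> <gid inherited: yes|no>"
# GROUP (optional, hypothetical project group) must be one the caller belongs to.
demo_shared_dir() {
    um=$1
    grp=${2:-}
    base=$(mktemp -d) || return 1
    proj="$base/project"

    mkdir "$proj" || { rm -rf "$base"; return 1; }
    if [ -n "$grp" ]; then
        chgrp "$grp" "$proj" || { rm -rf "$base"; return 1; }
    fi
    # 2 = setgid bit: new entries take the directory's group, not the
    # creator's primary group. 775 = group members may create and rename.
    chmod 2775 "$proj" || { rm -rf "$base"; return 1; }

    # Create a file and a subdirectory as a user with the given umask.
    (
        umask "$um"
        : > "$proj/file"
        mkdir "$proj/sub"
    )

    dir_mode=$(stat -c '%a' "$proj")
    file_mode=$(stat -c '%a' "$proj/file")
    sub_mode=$(stat -c '%a' "$proj/sub")
    dir_gid=$(stat -c '%g' "$proj")
    if [ "$(stat -c '%g' "$proj/file")" = "$dir_gid" ] &&
       [ "$(stat -c '%g' "$proj/sub")" = "$dir_gid" ]; then
        inherited=yes
    else
        inherited=no
    fi

    rm -rf "$base"
    echo "$dir_mode $file_mode $sub_mode $inherited"
}

# The group comes from the directory; the group write bit comes from the umask.
for um in 022 002; do
    printf 'umask %s -> %s\n' "$um" "$(demo_shared_dir "$um")"
done
```
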