Date: Sat, 19 Apr 2008 12:33:52 -0400 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: prad <prad@towardsfreedom.com> Cc: freebsd-questions@freebsd.org Subject: Re: Username & groups Message-ID: <447iethki7.fsf@Lowell-Desk.lan> In-Reply-To: <20080417174703.141f63b7@gom.home> (prad@towardsfreedom.com's message of "Thu\, 17 Apr 2008 17\:47\:03 %2B0000") References: <ee9dc2b40804170319t4f86b5d2pd7ea1cf23adefd1a@mail.gmail.com> <480757F8.7050702@radel.com> <20080417174703.141f63b7@gom.home>
next in thread | previous in thread | raw e-mail | index | archive | help
prad <prad@towardsfreedom.com> writes:
> On Thu, 17 Apr 2008 10:00:24 -0400
> Jon Radel <jon@radel.com> wrote:
>
>> Other things being equal, it's better
>> to have all users use their own login group and then add them to
>> additional groups as appropriate.
>>
> jon,
>
> i have always been curious about this. why is it better for a user to
> be in his own group? on slackware i recall users all went into the
> users group.
>
> one benefit i can see is that if a user has his own group then you
> can effectively give others access to certain files by adding them to
> that users group.
>
> are there other reasons?
>From adduser(8):
Perhaps you are missing what can be done with this scheme that falls
apart with most other schemes. With each user in their own group, they
can safely run with a umask of 002 instead of the usual 022 and create
files in their home directory without worrying about others being able to
change them.
For a shared area you create a separate UID/GID (like cvs or ncvs on
freefall), you place each person that should be able to access this area
into that new group.
This model of UID/GID administration allows far greater flexibility than
lumping users into groups and having to muck with the umask when working
in a shared area.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?447iethki7.fsf>