From: Lowell Gilbert
To: prad
Cc: freebsd-questions@freebsd.org
Date: Sat, 19 Apr 2008 12:33:52 -0400
Subject: Re: Username & groups

prad writes:

> On Thu, 17 Apr 2008 10:00:24 -0400
> Jon Radel wrote:
>
>> Other things being equal, it's better
>> to have all users use their own login group and then add them to
>> additional groups as appropriate.
>>
> jon,
>
> i have always been curious about this. why is it better for a user to
> be in his own group? on slackware i recall users all went into the
> users group.
>
> one benefit i can see is that if a user has his own group then you
> can effectively give others access to certain files by adding them to
> that user's group.
>
> are there other reasons?

From adduser(8):

    Perhaps you are missing what can be done with this scheme that
    falls apart with most other schemes.  With each user in their own
    group, they can safely run with a umask of 002 instead of the
    usual 022 and create files in their home directory without
    worrying about others being able to change them.

    For a shared area you create a separate UID/GID (like cvs or ncvs
    on freefall), you place each person that should be able to access
    this area into that new group.

    This model of UID/GID administration allows far greater
    flexibility than lumping users into groups and having to muck
    with the umask when working in a shared area.
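
The adduser(8) argument quoted above, worked through as an added example that is not part of the original message: it computes who may modify a newly created file under a single shared "users" group versus per-user groups, for umask 022 and 002. The account names, the membership of the "cvs" group, and the assumption that files in the shared area carry that group are constructed for illustration.

```python
# Constructed sample accounts (not from the original message). Each scheme maps
# login -> primary group; SUPPLEMENTARY maps group -> extra members, as in
# the last field of /etc/group.
SHARED_SCHEME = {"alice": "users", "bob": "users", "carol": "users"}
PRIVATE_SCHEME = {"alice": "alice", "bob": "bob", "carol": "carol"}
SUPPLEMENTARY = {"cvs": {"alice", "bob"}}  # shared-area group, as in adduser(8)


def created_mode(umask, requested=0o666):
    """Mode a new regular file gets: the requested bits with umask bits cleared."""
    return requested & ~umask & 0o777


def members(group, primary):
    """Everyone whose primary or supplementary group is `group`."""
    by_primary = {u for u, g in primary.items() if g == group}
    return by_primary | SUPPLEMENTARY.get(group, set())


def writers(owner, group, mode, primary):
    """Non-root users the classic owner/group/other bits allow to write."""
    allowed = set()
    for user in primary:
        if user == owner:
            ok = mode & 0o200
        elif user in members(group, primary):
            ok = mode & 0o020
        else:
            ok = mode & 0o002
        if ok:
            allowed.add(user)
    return allowed


def home_file_writers(owner, umask, primary):
    """Who can modify a file `owner` creates under their own primary group."""
    return writers(owner, primary[owner], created_mode(umask), primary)


def shared_area_writers(owner, umask, primary, group="cvs"):
    """Same, for a file in a shared area whose files carry `group` (assumed)."""
    return writers(owner, group, created_mode(umask), primary)


if __name__ == "__main__":
    for name, scheme in (("one 'users' group", SHARED_SCHEME), ("per-user groups", PRIVATE_SCHEME)):
        for umask in (0o022, 0o002):
            print(f"{name:18} umask {umask:03o}: home={sorted(home_file_writers('alice', umask, scheme))} "
                  f"shared={sorted(shared_area_writers('alice', umask, scheme))}")
```

With per-user groups, umask 002 leaves home-directory files writable only by their owner while shared-area files become writable by the members of the shared group; with one common group, the same umask opens every user's files to every other user.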