Date: Tue, 5 Nov 2002 13:00:54 -0600
From: "jnelson" <jnelson@rackspace.com>
To: "'Eric Anderson'" <anderson@centtech.com>, "'Klaus Steden'" <klaus@compt.com>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: RE: per-user groups
Message-ID: <000d01c284fd$aa81a290$34002740@jnelson>
In-Reply-To: <3DC80F76.4020909@centtech.com>

" 'probably incorrect' " but I think he's exactly right. Users must belong to a group, so defaulting to creating their own bypasses this requirement--in essence.

I've been using the same custom Zsh for so long that I don't recall what the default umask setting is, but I'm pretty sure 022 is it and not 002.

I've heard talk of a new system of group/user permissions; is anyone working with that project?

-j

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Eric Anderson
Sent: Tuesday, November 05, 2002 12:36 PM
To: Klaus Steden
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: per-user groups

Klaus Steden wrote:
> Can anyone explain to me the benefits of per-user groups? It seems to me that
> modern *nix systems, FreeBSD included, create a new group for each user.
>
> Is there a security benefit (or some other benefit) to be had by this? Why has
> it apparently been adopted as a convention by the free *nix flavours?

My understanding (which is most probably incorrect), is that it is safer to assign a new group per user, than automatically default them to some set group. In other words - people are lazy, and so if that's true (it is), then they are likely to believe that the default is the best choice. If all users default to some standard group, then it is far easier to have accidentally set a file to mode 775 (or some such variant), and have the whole user base have rights to it, than a default group of the user itself - which would be limited.

Eric

--
------------------------------------------------------------------
Eric Anderson    Systems Administrator    Centaur Technology
Beware the fury of a patient man.
------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
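
Added example, not part of the original messages: a small Python model of the classic Unix owner/group/other write check, comparing a shared default group with per-user groups for the mode 775 case Eric describes and for files created under umask 022 and 002. The account names, uids and gids are constructed, the file is assumed to carry its owner's primary group, and root is not modeled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    uid: int
    gid: int                           # primary group
    extra_gids: frozenset = frozenset()

def new_file_mode(umask: int) -> int:
    """Mode of a newly created regular file: 0666 with the umask bits cleared."""
    return 0o666 & ~umask

def can_write(user: User, owner_uid: int, file_gid: int, mode: int) -> bool:
    """Only the first matching class (owner, then group, then other) is consulted."""
    if user.uid == owner_uid:
        return bool(mode & 0o200)
    if file_gid == user.gid or file_gid in user.extra_gids:
        return bool(mode & 0o020)
    return bool(mode & 0o002)

def exposure(users, owner_name: str, mode: int) -> list:
    """Names of users other than the owner who can write to the owner's file.
    Assumption: the file's group is the owner's primary group."""
    owner = next(u for u in users if u.name == owner_name)
    return sorted(u.name for u in users
                  if u is not owner and can_write(u, owner.uid, owner.gid, mode))

# Constructed accounts: one shared default group (gid 100) vs. one group per user.
SHARED = [User("alice", 1001, 100), User("bob", 1002, 100),
          User("carol", 1003, 100)]
PRIVATE = [User("alice", 1001, 1001), User("bob", 1002, 1002),
           User("carol", 1003, 1003)]

def report():
    """One row per case: label, mode, writers under each grouping scheme."""
    cases = (("mode 775", 0o775),
             ("umask 022", new_file_mode(0o022)),
             ("umask 002", new_file_mode(0o002)))
    return [(label, oct(mode),
             exposure(SHARED, "alice", mode),
             exposure(PRIVATE, "alice", mode)) for label, mode in cases]

if __name__ == "__main__":
    for label, mode, shared, private in report():
        print(f"{label:10} {mode:6} shared-group writers={shared} "
              f"per-user-group writers={private}")
```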