Date: Sun, 5 May 1996 09:04:49 -0500 (CDT)
From: Alex Nash <alex@zen.nash.org>
To: jarekb@pap.waw.pl
Cc: freebsd-security@FreeBSD.ORG
Subject: dot.cshrc and weird umask value
Message-ID: <199605051404.JAA01310@zen.nash.org>

> Can anyone tell me why on FreeBSD (the same with BSD/OS) there is the umask
> value 2 ???? This simply causes producing group writable files. Imagine the
> person which created .forward file, anyone in his group can modify this to
> reforward files or duplicate mails.
>
> This is in /usr/share/skel/dot.cshrc. I know that everyone can set proper
> value of umask but some not experienced users do not know about it. And even
> experienced administrators believe that the distribution skeleton files are
> good enough to copy them into user directory. Is there a reason for this ????
The man page for adduser(8) has a good writeup on this:

UNIQ GROUP

Perhaps you're missing what *can* be done with this scheme that falls apart
with most other schemes. With each user in his/her own group the user
can safely run with a umask of 002 and have files created in their home
directory and not worry about others being able to read them.

For a shared area you create a separate uid/gid (like cvs or ncvs on
freefall), you place each person that should be able to access this area
into that new group.

This model of uid/gid administration allows far greater flexibility than
lumping users into groups and having to muck with the umask when working
in a shared area.

I have been using this model for almost 10 years and found that it works
for most situations, and has never gotten in the way. (Rod Grimes)

Alex
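
Added example (not part of the original message or of FreeBSD): a shell check that a umask of 002 is only as safe as the unique-group assumption behind it. The function names audit_private_groups and mode_under_umask are hypothetical; the inputs are assumed to be passwd(5)- and group(5)-format files.

```shell
#!/bin/sh
# audit_private_groups PASSWD_FILE GROUP_FILE
# Prints (sorted) every account whose primary group is NOT private to it,
# i.e. accounts for which a umask of 002 lets another user rewrite files
# such as ~/.forward. A group counts as shared when it is the primary
# group of more than one account, or when the group file lists a member
# other than the owning account.
audit_private_groups() {
    awk -F: '
        $0 ~ /^#/ { next }
        # passwd format: name:passwd:uid:gid:...
        FILENAME == ARGV[1] {
            if (NF >= 4) { gid_of[$1] = $4; primaries[$4]++ }
            next
        }
        # group format: name:passwd:gid:member,member,...
        NF >= 3 {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "") members[$3] = members[$3] " " m[i]
        }
        END {
            for (u in gid_of) {
                g = gid_of[u]
                shared = (primaries[g] > 1)
                n = split(members[g], m, " ")
                for (i = 1; i <= n; i++)
                    if (m[i] != u) shared = 1
                if (shared) print u
            }
        }
    ' "$1" "$2" | sort
}

# mode_under_umask UMASK
# Creates a scratch .forward under the given umask and prints its
# permission string, e.g. -rw-rw-r-- for 002 and -rw-r--r-- for 022.
mode_under_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; : > "$d/.forward" )
    ls -l "$d/.forward" | cut -c1-10
    rm -rf "$d"
}
```

Run as `audit_private_groups /etc/passwd /etc/group`; any account it prints should either get a private group or keep a umask of 022.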
