Message-ID: <428242D7.6040103@mac.com>
Date: Wed, 11 May 2005 13:37:27 -0400
From: Chuck Swiger
To: David.Bear@asu.edu
cc: freebsd-questions@freebsd.org
References: <20050511165506.GC10213@asu.edu>
In-Reply-To: <20050511165506.GC10213@asu.edu>
Subject: Re: user owned groups

David Bear wrote:
> I've noticed that with some Linux distributions the default behavior
> of creating user accounts created the group with the same name as the
> user, and made that group the primary group of the user. There are
> other Linux distributions that throw all users into a default
> group named users.

Good observation. :-)

> FreeBSD does the first. Assuming that FreeBSD was designed to be more
> secure from the start, I am assuming that creating a group for each
> user was also deemed a security plus.
>
> Are there any documents explaining the reasoning behind this?

Sure. "man 2 umask" and "man chmod".

If all of the users have their default group be staff or some such, anyone can
change any file which is group-writable. If each user has their default group
be a unique group (with UID==GID), then users can safely use a 002 umask,
without worrying about their files being stolen or changed by other users, and
yet still use group accounts to work with other users when they do want to
share files.

Hunt down the thread "Re: Default permissions of /home/user.." (search for
msg-id <417C1FB9.2090909@mac.com>) for more discussion on this topic.

-- 
-Chuck
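
The effect of a 002 umask under the two group schemes discussed in the message above, as an added example that is not part of the original thread. The accounts alice, bob and carol and the groups users and proj are constructed for illustration; the file's group is passed in explicitly and root is not modelled.

```python
import os
import stat
import tempfile

# Constructed accounts: user -> (login group, supplementary groups).
SHARED = {"alice": ("users", {"proj"}), "bob": ("users", {"proj"}),
          "carol": ("users", set())}
PRIVATE = {"alice": ("alice", {"proj"}), "bob": ("bob", {"proj"}),
           "carol": ("carol", set())}


def new_file_mode(umask):
    """Create a file under `umask` and return the permission bits it got."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "f")
            # 0o666 is what most programs request; the kernel clears umask bits.
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)


def other_writers(accounts, owner, file_group, mode):
    """Non-owner users who pass the kernel's group-then-other write check."""
    writers = set()
    for user, (login_group, extra) in accounts.items():
        if user == owner:
            continue
        if file_group == login_group or file_group in extra:
            allowed = mode & stat.S_IWGRP   # group members use the group bits
        else:
            allowed = mode & stat.S_IWOTH   # everyone else uses the other bits
        if allowed:
            writers.add(user)
    return writers


if __name__ == "__main__":
    mode = new_file_mode(0o002)  # group-writable, not world-writable
    print("umask 002 ->", oct(mode))
    # File in alice's home directory, so its group is her login group.
    print("shared group  :", sorted(other_writers(SHARED, "alice", "users", mode)))
    print("private group :", sorted(other_writers(PRIVATE, "alice", "alice", mode)))
    # File in a project directory whose group is the constructed "proj".
    print("proj directory:", sorted(other_writers(PRIVATE, "alice", "proj", mode)))
```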