From: Chuck Swiger
Date: Wed, 11 May 2005 14:33:30 -0400
To: Lewis Thompson
cc: David.Bear@asu.edu
cc: freebsd-questions@freebsd.org
Subject: Re: user owned groups
Message-ID: <42824FFA.4080603@mac.com>
In-Reply-To: <20050511174702.GA23222@noisy.compsoc.man.ac.uk>

Lewis Thompson wrote:
> On Wed, May 11, 2005 at 01:37:27PM -0400, Chuck Swiger wrote:
>> If all of the users have their default group be staff or some such, anyone
>> can change any file which is group-writable. If each user has their
>> default group be a unique group (with UID==GID), then users can safely use
>> a 002 umask, without worrying about their files being stolen or changed by
>> other users, and yet still use group accounts to work with other users when
>> they do want to share files with.
[ ... ]
> Can /home be configured so all files are created with permissions of
> 0600 (or 0700 for directories)? I use a umask of 77 but that's annoying
> when playing with files in other locations.

setgid on directories won't help, but maybe the behavior of the sticky bit is
what you are looking for? Is how stuff in /tmp handled OK permission-wise for
your expectations?

Otherwise, you only have one default umask. I'm not sure there is a sane way
of changing it depending on which directory you are currently in, but you
might try setting up an alias ("cd77", "cd22"?) which combines setting the
umask and cd'ing.

-- 
-Chuck
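
The umask-plus-cd aliases suggested in the reply above, written as shell functions so the target directory reaches cd; this is an added example, not part of the original message. cd77 and cd22 take their names from the message, while cdu and new_modes are hypothetical helpers, and cdu's policy (077 under $HOME, 022 elsewhere) is an assumption.

```shell
#!/bin/sh
# Added example, not from the original message.

# Change directory, then set the umask. The umask is only touched when
# cd succeeds, so a mistyped path never silently loosens or tightens it.
cd77() { cd "$@" && umask 077; }
cd22() { cd "$@" && umask 022; }

# Hypothetical directory-dependent variant: private umask anywhere under
# $HOME, 022 everywhere else. Physical paths (pwd -P) are compared so a
# symlink pointing out of $HOME does not get the private umask by accident.
cdu() {
    cd "$@" || return
    cdu_home=$(cd "$HOME" && pwd -P) || return
    case "$(pwd -P)/" in
        "$cdu_home"/*) umask 077 ;;
        *)             umask 022 ;;
    esac
}

# Hypothetical helper: create a probe file and directory in the current
# directory under the current umask, print their mode strings, clean up.
# The shell requests 0666 for files and mkdir requests 0777; the umask
# clears bits from those requests.
new_modes() {
    probe=".umask-probe.$$"
    : > "$probe.f" && mkdir "$probe.d" || return
    printf '%s %s\n' "$(ls -ld "$probe.f" | cut -c1-10)" \
                     "$(ls -ld "$probe.d" | cut -c1-10)"
    rm -f "$probe.f"
    rmdir "$probe.d"
}
```

Source the file from a shell startup script; running new_modes after each function shows the permissions a newly created file and directory would get in that location.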