From: Chuck Swiger
Date: Wed, 11 May 2005 15:15:40 -0400
To: Lewis Thompson
Cc: freebsd-questions@freebsd.org
Subject: Re: user owned groups
Message-ID: <428259DC.9050802@mac.com>
In-Reply-To: <20050511185620.GA91019@noisy.compsoc.man.ac.uk>

Lewis Thompson wrote:
> On Wed, May 11, 2005 at 02:33:30PM -0400, Chuck Swiger wrote:
>> setgid on directories won't help, but maybe the behavior of the sticky bit
>> is what you are looking for? Is how stuff in /tmp is handled OK
>> permission-wise for your expectations?
>
> No, I was thinking more along the lines of inheriting permissions on new
> files from the directory they are in, i.e.
>
>   umask 22
>   mkdir inherit && chmod 5700 inherit (let's pretend 5 is my inherit mode)
>   cd inherit && touch test
>
> The end result would be that test would be created 0600 (or maybe 0700
> but that's not very handy).
>
> Does that make sense? Is it possible?

Heh, good questions. Yes, and it is probably not needed.

If "inherit" has 700 permissions, nobody who is not root or has the same UID can traverse down into inherit in order to look at or try to access test.

If you "mkdir private && chmod 700 private", any files created under private will be safely[1] hidden away from anyone else but you, regardless of their permissions or what your umask is.

-- 
-Chuck

[1]: Within the limits of the security of the filesystem, anyway. If someone steals the hard drive, that's a different problem domain. If you want to keep files truly secret, consider encryption, or avoid keeping them on a computer in the first place.
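The point of Chuck's reply, modelled as an added example that is not part of the thread: a small simulation of the POSIX path check, in which every directory on the way to a file must grant search (x) to the caller before the file's own mode is even consulted. The uids, gids and modes below are constructed; root handling is simplified to "bypasses all mode bits".

```python
from typing import List, Set, Tuple

# One path component: (owner uid, owner gid, mode bits), listed root to leaf.
Entry = Tuple[int, int, int]


def _class_bits(entry: Entry, uid: int, gids: Set[int]) -> int:
    """Return the 3-bit rwx class (owner, group or other) that applies to uid.
    Simplification: uid 0 (root) is treated as having all bits on every object."""
    owner, group, mode = entry
    if uid == 0:
        return 0o7
    if uid == owner:
        return (mode >> 6) & 0o7
    if group in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7


def can_read(path: List[Entry], uid: int, gids: Set[int]) -> bool:
    """True if uid can open the leaf for reading: each parent directory must
    grant search (x) and only then does the leaf's read (r) bit matter."""
    *dirs, leaf = path
    for d in dirs:
        if not _class_bits(d, uid, gids) & 0o1:
            return False           # cannot traverse; leaf mode is irrelevant
    return bool(_class_bits(leaf, uid, gids) & 0o4)


def create_mode(requested: int, umask: int) -> int:
    """Mode a new object gets: requested bits with the umask bits cleared.
    touch asks for 0666, so 'umask 22' yields 0644 (world-readable on its own)."""
    return requested & ~umask & 0o777


def demo() -> dict:
    """Constructed scenario from the mail: ~/private is 0700, 'test' inside it
    is created with umask 22, and another uid tries to read it."""
    me, other = 1001, 1002
    test_mode = create_mode(0o666, 0o022)            # 0o644
    home = (me, me, 0o755)
    private = (me, me, 0o700)
    test = (me, me, test_mode)
    return {
        "test_mode": oct(test_mode),
        "owner_reads": can_read([home, private, test], me, {me}),
        "other_reads": can_read([home, private, test], other, {other}),
        "other_reads_if_dir_755": can_read([home, (me, me, 0o755), test], other, {other}),
    }
```

Running `demo()` shows the file is 0644 yet unreadable by the other uid while the directory stays 0700, and becomes readable as soon as the directory is opened up to 0755.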