Date: Tue, 5 Nov 2002 14:20:53 -0500 (EST) From: Matt Piechota <piechota@argolis.org> To: Eric Anderson <anderson@centtech.com> Cc: Klaus Steden <klaus@compt.com>, <freebsd-security@FreeBSD.ORG> Subject: Re: per-user groups Message-ID: <20021105141841.F27225-100000@cithaeron.argolis.org> In-Reply-To: <3DC80F76.4020909@centtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 5 Nov 2002, Eric Anderson wrote: > My understanding (which is most probably incorrect), is that it is safer > to assign a new group per user, then automatically default them to some > set group. > > In other words - people are lazy, and so if that's true (it is), then > they are likely to believe that the default is the best choice. If all > users default to some standard group, then it is far easier to have > accidentally set a file to mode 775 (or some such variant), and have the > whole user base have rights to it, than a default group of the user > itself - which would be limited. It also makes sharing safer without admin intervention: bob@foo% chgrp fred myfile ; chown 750 myfile bob@foo% echo 'check out myfile' | write fred -- Matt Piechota To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021105141841.F27225-100000>