Date: Tue, 05 Nov 2002 12:35:34 -0600 From: Eric Anderson <anderson@centtech.com> To: Klaus Steden <klaus@compt.com> Cc: freebsd-security@freebsd.org Subject: Re: per-user groups Message-ID: <3DC80F76.4020909@centtech.com> References: <20021105130922.A36056@cthulu.compt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Klaus Steden wrote: > Can anyone explain to me the benefits of per-user groups? It seems to me that > modern *nix systems, FreeBSD included, create a new group for each user. > > Is there a security benefit (or some other benefit) to be had by this? Why has > it apparently been adopted as a convention by the free *nix flavours? My understanding (which is most probably incorrect), is that it is safer to assign a new group per user, then automatically default them to some set group. In other words - people are lazy, and so if that's true (it is), then they are likely to believe that the default is the best choice. If all users default to some standard group, then it is far easier to have accidentally set a file to mode 775 (or some such variant), and have the whole user base have rights to it, than a default group of the user itself - which would be limited. Eric -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology Beware the fury of a patient man. ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DC80F76.4020909>