Date: Wed, 11 May 2005 13:37:27 -0400
From: Chuck Swiger <cswiger@mac.com>
To: David.Bear@asu.edu
Cc: freebsd-questions@freebsd.org
Subject: Re: user owned groups
Message-ID: <428242D7.6040103@mac.com>
In-Reply-To: <20050511165506.GC10213@asu.edu>
References: <20050511165506.GC10213@asu.edu>

David Bear wrote:
> I've noticed that with some Linux distributions the default behavior
> of creating user accounts created the group with the same name as the
> user, and made that group the primary group of the user. There are
> other Linux distributions that throw all users into a default
> group named users.

Good observation. :-)

> FreeBSD does the first. Assuming that FreeBSD was designed to be more
> secure from the start, I am assuming that creating a group for each
> user was also deemed a security plus.
>
> Are there any documents explaining the reasoning behind this?

Sure. "man 2 umask" and "man chmod".

If all of the users have their default group be staff or some such, anyone can
change any file which is group-writable. If each user has their default group
be a unique group (with UID==GID), then users can safely use a 002 umask,
without worrying about their files being stolen or changed by other users, and
yet still use group accounts to work with other users when they do want to
share files.

Hunt down the thread "Re: Default permissions of /home/user.." (search for
msg-id <417C1FB9.2090909@mac.com>) for more discussion on this topic.

-- 
-Chuck
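
An added example, not part of the original message: a small audit of passwd- and group-format data for the condition the reply describes, namely primary groups shared by several accounts, where a 002 umask would expose files. It also flags per-user groups (UID==GID) that list other members, which goes one step beyond the message. The account names, IDs and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data is constructed; on a real host feed the
# functions "$(cat /etc/passwd)" and "$(cat /etc/group)" instead.

# passwd(5)-style lines: name:pw:uid:gid:gecos:home:shell
SAMPLE_PASSWD='alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:20:Carol:/home/carol:/bin/sh
dave:*:1004:20:Dave:/home/dave:/bin/sh'

# group(5)-style lines: name:pw:gid:members
SAMPLE_GROUP='alice:*:1001:
bob:*:1002:mallory
staff:*:20:
project:*:2000:alice,bob'

# new_file_mode UMASK
# Mode a regular file gets when created with 0666 under UMASK (octal).
new_file_mode() {
    printf '%03o\n' $(( 0666 & ~0$1 ))
}

# shared_primary_gids PASSWD_TEXT
# Prints "gid: user user ..." for every primary GID used by more than
# one account: with umask 002 these users can modify each other's files.
shared_primary_gids() {
    printf '%s\n' "$1" | awk -F: '
        { n[$4]++; u[$4] = u[$4] " " $1 }
        END { for (g in n) if (n[g] > 1) print g ":" u[g] }' | sort
}

# private_groups_with_extra_members PASSWD_TEXT GROUP_TEXT
# Prints "group: members" for each per-user group (owner has UID==GID)
# whose member list names anyone other than the owner.
private_groups_with_extra_members() {
    { printf '%s\n' "$1" | sed 's/^/P:/'
      printf '%s\n' "$2" | sed 's/^/G:/'; } | awk -F: '
        $1 == "P" && $4 == $5 { priv[$5] = $2 }
        $1 == "G" { gname[$4] = $2; mem[$4] = $5 }
        END { for (g in priv)
                if (mem[g] != "" && mem[g] != priv[g])
                    print gname[g] ": " mem[g] }' | sort
}
```
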
