[EMAIL PROTECTED] (Thomas Bushnell, BSG) wrote:
> Oystein Viggen <[EMAIL PROTECTED]> writes:
>> Combined with umask 002 (suggested by yourself), this gives members of
>> the wheel group write access to all files created in /tmp by default, as
>> these files will be writable for group root.
...
> In any case, this is the basic reason why the inherit-group property
> probably should be restricted to
> inherit-only-if-i'm-a-member-of-the-group.

Rather, I'd say this makes a case for SysV behavior: the group id
should be inherited in shared project directories, but not in global
/tmp-style directories.  So some directories can be setgid and others
not.

The restriction you mention would remove useful behavior.  Suppose a
user U is to create files writable by group G, but U is not a member
of G, because G has other access that U should not have.  With the
current inheritance behavior, root can set up a directory accessible
only by U, which contains a world-writable, setgid directory
group-owned by G.  U can create G-group-owned files in the directory
and set appropriate permissions on them, and then move them out to
other parts of the filesystem where members of G can reach them.  We
had a use for this exact behavior just yesterday at work.


paul

_______________________________________________
Bug-hurd mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-hurd
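The two behaviours under discussion, and the root-built layout Paul describes, as an added example that is not part of the original thread or of any Hurd code. The script assumes a Linux system with GNU coreutils (stat -c, mktemp): Linux follows the BSD rule for setgid directories (new entries inherit the directory's group, member or not) and the SysV rule elsewhere (new entries get the creator's effective gid), so both can be observed side by side on one filesystem. The function and variable names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the bug-hurd thread. Shows group inheritance
# from a setgid directory next to the SysV default in a non-setgid directory,
# and encodes the root-built "private drop" layout from the post.
# Assumption: Linux with GNU coreutils (stat -c %g, mktemp -d).
set -eu

# Print the gid a newly created file receives inside directory $1.
file_group_in() {
    f="$1/probe.$$"
    : > "$f"
    stat -c %g "$f"
    rm -f "$f"
}

# Print a supplementary gid different from the effective gid, if there is one.
# Always exits 0 so it is safe under set -e inside $(...).
other_gid() {
    egid=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$egid" ]; then
            printf '%s\n' "$g"
            break
        fi
    done
    return 0
}

# Create a plain and a setgid directory, create a file in each, and leave the
# observed gids in PLAIN_GID, SHARED_GID and DIR_GID (no subshell, so the
# caller can read them afterwards).
demo_setgid_inherit() {
    base=$(mktemp -d)
    mkdir "$base/plain" "$base/shared"
    alt=$(other_gid)
    # If the caller is in a second group, give the shared directory that group
    # so the inherited gid visibly differs from the effective gid. chgrp comes
    # before chmod so the setgid bit is applied to the final ownership.
    if [ -n "$alt" ]; then
        chgrp "$alt" "$base/shared" 2>/dev/null || true
    fi
    chmod 0775 "$base/plain"
    chmod 2775 "$base/shared"   # g+s on a directory: new entries inherit its group
    PLAIN_GID=$(file_group_in "$base/plain")    # SysV rule: creator's egid
    SHARED_GID=$(file_group_in "$base/shared")  # BSD rule: directory's group
    DIR_GID=$(stat -c %g "$base/shared")
    rm -rf "$base"
}

# Root only. $1 = user U, $2 = group G, $3 = path. The outer directory is
# reachable only by U; the inner one is world-writable and setgid G, so files
# U creates there are group-owned by G although U is not a member of G.
setup_private_drop() {
    u="$1"; g="$2"; dir="$3"
    mkdir -p "$dir/drop"
    chown "$u" "$dir"
    chmod 0700 "$dir"
    chgrp "$g" "$dir/drop"
    chmod 2777 "$dir/drop"
}

demo_setgid_inherit
printf 'plain=%s setgid=%s egid=%s dirgid=%s\n' \
    "$PLAIN_GID" "$SHARED_GID" "$(id -g)" "$DIR_GID"
```

The plain-directory result depends on the mount: ext4 mounted with `grpid`/`bsdgroups` makes every directory inherit, which is the all-BSD behaviour the thread contrasts with SysV. When U later moves a G-owned file out of the drop directory, the group survives only for a rename on the same filesystem; a cross-filesystem `mv` recreates the file and the new copy gets whatever the destination directory's rule dictates.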