On Thu, 20 Feb 2003, Myhre, Julie wrote:

> from tampering and destruction, but can be viewed by members only in
> their group.  The Linux default requires the user to explicitly share
> every file he creates, since every new user has a unique GID.

First of all, most *nix distros create all users with the same GID, e.g. 
"users." Lots of distros also have the unfortunate tendency to create 
home directories group-writable, so users essentially have zero privacy 
out of the box.

The "user private groups" idea is primarily a Red Hat-ism. I don't know
any other distro that does this, but it's a well-known security truism
that things should "fail closed." In other words, if you want to share
stuff, you should have to make a conscious effort to do so.

It's actually quite easy to share group info on Red Hat. If you want to
create a group-shared folder, just set the directory SGID. Any files or
folders created in it will then have the group ID set to that of the SGID
directory, so all the members can share it without having to dink around
with permissions on their home directories to keep other group members
out.

Can you do similar things without user private groups? Sure. Does it take 
more planning, auditing, and LARTs? Absolutely.

As always, your mileage may vary, and shares may be worth more or less at 
time of redemption. :)

-- 
"Of course I'm in shape! Round's a shape, isn't it?"
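
The SGID shared-directory setup described in the message above, as an added example that is not part of the original post. The directory name `project`, the function names, and the umask of 002 are assumptions made for illustration; the temporary directory is constructed so the script runs without touching real home directories.

```shell
#!/bin/sh
# Added example (not from the original message). Names are hypothetical.

# Print the 10-character mode string and the numeric GID of a path.
mode_of() { ls -ldn "$1" | awk '{print substr($1, 1, 10)}'; }
gid_of()  { ls -ldn "$1" | awk '{print $4}'; }

# Build an SGID shared directory under $1 and report what new entries inherit.
sgid_demo() {
    shared="$1/project"
    mkdir "$shared" || return 1

    # Use a supplementary group if the caller has one, so the inherited group
    # differs from the caller's primary (private) group.
    primary=$(id -g)
    for g in $(id -G); do
        [ "$g" = "$primary" ] && continue
        chgrp "$g" "$shared" 2>/dev/null && break
    done

    # 2770 = SGID + rwx for owner and group, no access for others.
    chmod 2770 "$shared" || return 1

    # Assumed umask 002: new files stay group-writable.
    ( umask 002; : > "$shared/notes.txt"; mkdir "$shared/sub" ) || return 1

    want=$(gid_of "$shared")
    [ "$(gid_of "$shared/notes.txt")" = "$want" ] && fg=inherited || fg=differs
    [ "$(gid_of "$shared/sub")" = "$want" ] && sg=inherited || sg=differs
    # The 7th mode character is "s" when group-execute and SGID are both set.
    case $(mode_of "$shared/sub") in
        ??????s???) bit=yes ;;
        *)          bit=no ;;
    esac
    echo "file_group=$fg subdir_group=$sg subdir_sgid=$bit file_mode=$(mode_of "$shared/notes.txt")"
}

tmp=$(mktemp -d) && sgid_demo "$tmp"
rm -rf "$tmp"
```

With a restrictive umask such as 077 the group is still inherited, but new files are not group-readable, so the umask is worth auditing alongside the SGID bit.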



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list