* Philip Guenther <[email protected]> [2010-10-29 19:48]: > Back in my pure sysadmin days, I found that when users all (or almost > all) share a default group like "users", then it isn't easy enough for > normal users to leverage other groups for shared access to files and > directories. Because the default group is widely shared, everyone > runs with a umask of 077 or 022; 'group' is effectively 'other'. As a > result, users trying to share stuff via secondary groups have to > remember to change umask or use chmod all the time. *I* didn't always > remember to do that and I was the sysadmin; the teachers and students > certainly didn't get it right consistently. > > Group-per-user setups solve this by letting people safely have a umask > of 007 or 002. When they do work in a directory whose group is a > secondary group, the resulting files are (and stay) writable by the > group**. Permitting that change in default umask eliminates the > requirement for manual changes and their cognitive load as the user > moves between projects and directories. Fewer forgets and mistakes > meant fewer emails to root asking for me to fix the perms on some file > while so-and-so was on vacation, etc.
I have to agree here. -- Henning Brauer, [email protected], [email protected] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
