private group administration
-----BEGIN PGP SIGNED MESSAGE-----
i was thinking about user creation and group administration. Every user
gets his own private group when he is created. And the motivation for
that is to avoid users sharing files with all other users to per default
But what if the user wants to change his files with a specific user or
two? An easy though not well known way to do that would be to push these
users into the private group. For this to work the user has to be
Administrator of his private group.
( eg. i'm tux with group tux
- root has to make me administrator of my private group :
# gpasswd -A tux tux
now i can get paul in to my private group
tux@somewhere ~> gpasswd -a paul tux
or i could set/change my group passwort
tux@somewhere ~> gpasswd tux
change rights on /home/tux
tux@somewhere ~> chmod g+rx .
don't forget to check all the other dirs and files for group access
tux@somewhere ~> ls -la .
you might want to remove group and other bits
tux@somewhere ~> chmod g=,o= * .*
explicitly open a project dir in /home/tux
tux@somewhere ~> mkdir project
tux@somewhere ~> chmod g+rwx project
Writing this i realize that this will only make sense if i use the right
umask. So lets set it to something more secure, since i might not want
to change all my files with paul.
tux@somewhere ~> vi .bashrc
All right it might not be in my best interest to share something in my
home dir, or if i do i have to be very careful about the permissions
But i still thinks a user should be in control of his private group.
But he is not. This has to be set explicitly by the entity that creates
the user. I wonder what the reasoning is/was behind that.
Why is a user not made administrator of his private group per default?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
fedora-devel-list mailing list
|All times are GMT. The time now is 04:25 PM.|
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.