user owned groups

Chuck Swiger cswiger at mac.com
Wed May 11 10:37:35 PDT 2005


David Bear wrote:
> I've noticed that with some Linux distributions the default behavior
> of creating user accounts created the group with the same name as the
> user, and made that group the primary group of the user. There are
> other Linux distributions that throw all users into a default
> group named users.

Good observation.  :-)

> FreeBSD does the first. Assuming that FreeBSD was designed to be more
> secure from the start, I am assuming that creating a group for each
> user was also deemed a security plus.
> 
> Are there any documents explaining the reasoning behind this?

Sure.  "man 2 umask" and "man chmod".

If all of the users have their default group be staff or some such, anyone can 
change any file which is group-writable.  If each user has their default group 
be a unique group (with UID==GID), then users can safely use a 002 umask, 
without worrying about their files being stolen or changed by other users, and 
yet still use group accounts to work with other users when they do want to 
share files.

Hunt down the thread "Re: Default permissions of /home/user.." (search for 
msg-id <417C1FB9.2090909 at mac.com>) for more discussion on this topic.

-- 
-Chuck
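
The following is an added example, not part of the original message: it creates a file under umask 002 and 022, then works out who besides the owner can modify a group-writable file under a shared default group versus per-user groups. The account names, GIDs and the project group 3000 are constructed sample data, and `other_writers` is a hypothetical helper.

```python
import os
import stat
import tempfile

def mode_under_umask(mask):
    """Create a file while `mask` is the umask; return its permission bits."""
    old = os.umask(mask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "f")
            # 0o666 is what most programs request; the umask clears bits from it.
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)

def other_writers(owner, file_gid, mode, primary_gid, extra_members):
    """Users other than `owner` who can modify the file through its group bits."""
    if not mode & stat.S_IWGRP:
        return set()
    # Members via primary group (passwd) plus supplementary members (group file).
    members = {u for u, gid in primary_gid.items() if gid == file_gid}
    members |= set(extra_members.get(file_gid, ()))
    return members - {owner}

# Constructed sample accounts (hypothetical names and ids).
SHARED = {"alice": 20, "bob": 20}        # everyone's primary group is staff (20)
PRIVATE = {"alice": 1001, "bob": 1002}   # per-user groups, UID == GID
PROJECT = {3000: ["alice", "bob"]}       # group joined deliberately for sharing

def demo():
    mode = mode_under_umask(0o002)       # group-writable by default
    return {
        "mode_002": oct(mode),
        "mode_022": oct(mode_under_umask(0o022)),
        "shared_default": other_writers("alice", 20, mode, SHARED, {}),
        "private_default": other_writers("alice", 1001, mode, PRIVATE, PROJECT),
        "project_file": other_writers("alice", 3000, mode, PRIVATE, PROJECT),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```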


