[Gllug] Reason behind groups

Alain Williams addw at phcomp.co.uk
Tue Oct 15 13:58:28 UTC 2002


On Tue, Oct 15, 2002 at 02:47:57PM +0100, Jonathan Dye wrote:
> Hi,
> 
> I've noticed several distributions that by default set the group of new
> users to have the same name as the user.
> i.e.
> 
> User X has primary group X
> 
> but I can't see a good reason to have it this way.  On all the systems that
> I've used before the users are members of meaningful groups like 'students'
> or 'software' etc which means you can allow read access to your peers but
> no-one else.  With the above scheme you can only allow access to yourself as
> each group only has one user.
> Can anyone suggest why it is this way?

I don't *know* why, but it does make the following much easier:

You have a group of people who work together and want to read/write some common files.
The easy way of doing this is to create a supplementary group (eg friends) and create
some workspace (a directory hierarchy) where all the files are of group-id friends.
You can arrange that new files created under the hierarchy are automagically group-id
friends by making the top level directory setgroup-id (ie mode 2770 == rwxrws---).

So that they can write these shared files, they need to be created group writable
(eg umask 2, not 22). This means that *all* files that the user creates are group
writable, so that if you had a generic group such as 'users', every user could write
every other user's files -- not desirable.

So: give every user a unique default group and the world writability problem goes away.

The bottom line is that getting users to change umask or group ownership of files is a
non starter, especially if they just use a GUI interface. The above mechanism lets it
all 'just work'.

-- 
Alain Williams

#include <std_disclaimer.h>

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
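
The setup described in the reply above, as an added example that is not part of the original post: it builds a mode 2770 workspace in a throwaway directory and shows what mode and group new files and subdirectories get under umask 002 versus 022. The function names are hypothetical, and it assumes Linux with GNU coreutils (`stat -c`); pass a supplementary group name (eg friends) as the first argument to have the workspace owned by it.

```shell
#!/bin/sh
# Added example. Assumes Linux + GNU coreutils; all paths come from mktemp.

# Create the shared workspace: setgid bit plus rwx for owner and group only.
# $1 = directory, $2 = optional supplementary group (caller must be a member).
make_shared_dir() {
    mkdir -p "$1" || return 1
    if [ -n "$2" ]; then chgrp "$2" "$1" || return 1; fi
    chmod 2770 "$1"
}

# Create an empty file under the given umask (in a subshell, so the caller's
# umask is left alone) and print "<octal mode> <gid>".
create_with_umask() {
    ( umask "$1" && : > "$2" ) || return 1
    stat -c '%a %g' "$2"
}

# Same, for a subdirectory.
mkdir_with_umask() {
    ( umask "$1" && mkdir "$2" ) || return 1
    stat -c '%a %g' "$2"
}

demo() {
    ws=$(mktemp -d) || return 1
    make_shared_dir "$ws/shared" "$1" || { rm -rf "$ws"; return 1; }
    echo "workspace (mode gid):        $(stat -c '%a %g' "$ws/shared")"
    # Group-writable and owned by the directory's group: peers can edit it.
    echo "file in workspace, umask 2:  $(create_with_umask 002 "$ws/shared/a")"
    # Right group, but not group-writable: peers can read, not write.
    echo "file in workspace, umask 22: $(create_with_umask 022 "$ws/shared/b")"
    # Subdirectories inherit the setgid bit, so the whole tree behaves alike.
    echo "subdir in workspace, umask 2: $(mkdir_with_umask 002 "$ws/shared/sub")"
    # Outside the workspace the same umask still yields a group-writable file,
    # owned by the primary group: harmless only if that group is yours alone.
    echo "file elsewhere, umask 2:     $(create_with_umask 002 "$ws/private")"
    rm -rf "$ws"
}

demo "$1"
```
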



