creating all users with one primary group?
Reindl Harald
h.reindl at thelounge.net
Sat Dec 31 15:21:24 UTC 2011
Am 31.12.2011 16:11, schrieb Dave Ihnat:
> On Sat, Dec 31, 2011 at 02:31:04PM +0100, Reindl Harald wrote:
>> what have "/etc/login.defs" to do with the fact that there is
>> simply no need to have a personal group for a user at all?
>
> You're probably not thinking about multiple users on a relatively secure
> system.
oh yes i consider
I *think*, if I recall correctly, that AT&T System III & V put
> everyone in the same group. This is a possible security breach, since any
> executable/directory/file that might grant rights to that group would be
> open to exploit by anyone in the group
yes and no
if i need that i do chmod 700 for folders and chmod 600 for files
no need to create a group for each user
> So, from a security point of view, it makes a lot more sense to assign each
> user to their own group, and only let them in shared groups by deliberate
> assignment. It doesn't cost anything in terms of resources or performance.
froma security point of view abvoe chmod's are making much more sense
and if you need finer restrictions you need ACL's where groups for each
user does not make sense at all - you need in this case groups for several
roles and assing matching ACL's
own groups for each user does not make sense at all
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20111231/9fde468c/attachment.sig>
More information about the users
mailing list