Once upon a time martin f krafft said...
> adduser on a default Debian system will create a new group for each
> new user, and make e.g. /home/joe be joe:joe. Why?
>
> joe is *not* given rights to add members to the group. So what's the
> point? I think this is a RedHat-ism, and I think they never had
> a real reason.
>
> Maybe I am also just overlooking the detail. Then please whack me
> with the clue stick.

As I understand it, the purpose of giving each user their own group is to allow effective use of set-gid directories. Files created in a set-gid directory are created with the group the same as the directory instead of the gid of the user creating the file.

This allows you to define various workgroups in the /etc/group file and have different working directories for those workgroups. Each working directory has a group id of the workgroup and a mode of 2775, allowing all members of the group to create files in that directory. To have this work effectively, users need to have a umask of 002 - files are created group writable. Otherwise a user will have to manually chown a file in a workgroup directory to allow other members of that workgroup to make changes to the file - a process that is usually forgotten.

If a user is to have a 002 umask, then their personal files will also be group writable by default. If all users are in the same group (users), then they will be able to modify each other's personal files. By giving each user their own group, this issue is resolved.

This scenario is predicated on an open, collaborative environment where users trust each other not to bugger up the shared work. If such a work environment does not exist, there is little benefit to each user having their own group.
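
The set-gid directory and umask behaviour described in the reply above, as an added shell example that is not part of the original message. It assumes Linux semantics and runs unprivileged in a temporary directory; the function names and paths are made up for illustration.

```shell
#!/bin/sh
# Added example: a mode-2775 workgroup directory combined with umask 022
# versus 002. Function names and paths are hypothetical.

mode_of() { ls -ldn "$1" | cut -c1-10; }          # e.g. -rw-rw-r--
gid_of()  { ls -ldn "$1" | awk '{print $4}'; }    # numeric group id

# Create a workgroup directory with mode 2775. If the caller has a
# supplementary group, use it so the inherited group visibly differs
# from the caller's primary group; otherwise keep the primary group.
make_workdir() {
    dir=$1
    mkdir "$dir" || return 1
    for g in $(id -G); do
        if [ "$g" != "$(id -g)" ]; then chgrp "$g" "$dir" 2>/dev/null && break; fi
    done
    chmod 2775 "$dir"
}

# Create an empty file under the given umask (in a subshell, so the
# caller's umask is untouched) and print the resulting mode string.
create_with_umask() {
    ( umask "$1" && : > "$2" ) && mode_of "$2"
}

demo() {
    base=$(mktemp -d) || return 1
    make_workdir "$base/project"
    echo "workdir:   $(mode_of "$base/project") gid=$(gid_of "$base/project")"
    # umask 022: the file lands in the workgroup but is not group writable.
    echo "umask 022: $(create_with_umask 022 "$base/project/a") gid=$(gid_of "$base/project/a")"
    # umask 002: the file is group writable without a manual fix-up.
    echo "umask 002: $(create_with_umask 002 "$base/project/b") gid=$(gid_of "$base/project/b")"
    # New subdirectories inherit the set-gid bit as well as the group.
    ( umask 002 && mkdir "$base/project/sub" )
    echo "subdir:    $(mode_of "$base/project/sub")"
    rm -rf "$base"
}

demo
```

The same umask 002 applied in a home directory makes personal files writable by the user's primary group, which is why that group needs to contain only the user.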