Currently each Ubuntu user gets his own group, so:

  jsmith:jsmith
  lmanning:lmanning
  rpaul:rpaul

and so on. I feel this is a lot of clutter for no benefit.

First let's discuss the benefit. Since each user has his own group, the administrator can grant other users access to each other's files in a fine-grained manner by adding them to other users' groups. This seems useful, but consider:

- To modify the groups a user is in, you must have administrative access
- As long as you're modifying users anyway, you're in a position to create a group and add both users to it
- This is better accomplished with POSIX ACLs, which users can control on files they own

That third one, by the way, suggests that we should have a Windows NT style permissions tab in Nautilus' file properties such that you can add a user and alter their permissions. UNIX permissions allow you to set Owner, Group, Owner access, Group access, Other access; POSIX ACLs allow additional Users and Groups to be added with their own permissions as well. Thus:

  Creator/Owner: [User]
  Group: [Group]
  Permissions:
  ::Creator/Owner: rwx
  ::Group: ---
  ::Everyone: ---
  ::group=developers: rwx
  ::group=managers: r-x
  etc

The above suggests to me that any such benefit from giving users individual groups is quickly mitigated because either A) the users are all administrators, so sharing versus isolating files is wholly imaginary; or B) giving fine-grained access via group membership requires administrator mediation.

I suggest all users should go into group 'users' as the default group, with $HOME default to 700 and in the group 'users'. A umask of 027 or the traditional 022 is still viable: the files in $HOME are not visible because you cannot list the contents of $HOME (not readable) or change into it to access the files within (not executable). A user can grant permissions to other users to access his files simply by making the directory readable by them--by 'users' or others (thus everyone) or by fine-grained POSIX ACLs selecting for individual users and groups.
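The access behaviour proposed in the message above, modelled as an added example that is not part of the original message: a simplified POSIX.1e-style permission check walked along the path to a file in a 700 $HOME owned by jsmith:users. The file name notes.txt, the directory layout and the `Node`, `allowed`, `can_read` and `scenario` names are constructed for illustration, and the ACL mask is kept as a separate field rather than folded into the group mode bits as a real filesystem does.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1  # permission bits, as in rwx

@dataclass
class Node:
    owner: str
    group: str
    mode: int                                       # classic bits, e.g. 0o700
    acl_users: dict = field(default_factory=dict)   # named user  -> rwx bits
    acl_groups: dict = field(default_factory=dict)  # named group -> rwx bits
    mask: int = 7                                   # ACL mask (simplified model)

def allowed(node, user, groups, want):
    """POSIX.1e-style check: the first matching entry class decides."""
    if user == node.owner:
        return (node.mode >> 6) & want == want
    if user in node.acl_users:
        return node.acl_users[user] & node.mask & want == want
    cap = node.mask if (node.acl_users or node.acl_groups) else 7
    hits = [(node.mode >> 3) & 7] if node.group in groups else []
    hits += [p for g, p in node.acl_groups.items() if g in groups]
    if hits:  # any matching group entry may grant; 'other' is never consulted
        return any(p & cap & want == want for p in hits)
    return node.mode & 7 & want == want

def can_read(chain, user, groups):
    """chain = every directory from / down to the parent, then the file."""
    *dirs, leaf = chain
    return all(allowed(d, user, groups, X) for d in dirs) and \
        allowed(leaf, user, groups, R)

def scenario(home_acl_users=None, home_acl_groups=None, file_mode=0o640):
    # Constructed layout: /home/jsmith is 700 jsmith:users; notes.txt made under umask 027
    root = Node("root", "root", 0o755)
    home = Node("root", "root", 0o755)
    jhome = Node("jsmith", "users", 0o700, home_acl_users or {}, home_acl_groups or {})
    notes = Node("jsmith", "users", file_mode)
    return [root, home, jhome, notes]

if __name__ == "__main__":
    print(can_read(scenario(), "lmanning", {"users"}))                     # False
    print(can_read(scenario(file_mode=0o644), "rpaul", {"users"}))         # False
    print(can_read(scenario({"lmanning": R | X}), "lmanning", {"users"}))  # True
    print(can_read(scenario({"lmanning": R | X}), "rpaul", {"users"}))     # False
    print(can_read(scenario(None, {"managers": R | X}), "rpaul", {"users", "managers"}))  # True
```

The fourth case shows that a named-user ACL entry on $HOME opens it to that user only: rpaul shares the 'users' group with jsmith but still matches the owning-group entry, which grants nothing.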