|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Eric Anderson (anderson_at_centtech.com)
Date: Tue Nov 05 2002 - 12:35:34 CST
Klaus Steden wrote:
> Can anyone explain to me the benefits of per-user groups? It seems to me that
> modern *nix systems, FreeBSD included, create a new group for each user.
>
> Is there a security benefit (or some other benefit) to be had by this? Why has
> it apparently been adopted as a convention by the free *nix flavours?
My understanding (which is most probably incorrect), is that it is safer
to assign a new group per user, then automatically default them to some
set group.
In other words - people are lazy, and so if that's true (it is), then
they are likely to believe that the default is the best choice. If all
users default to some standard group, then it is far easier to have
accidentally set a file to mode 775 (or some such variant), and have the
whole user base have rights to it, than a default group of the user
itself - which would be limited.
Eric
-- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology Beware the fury of a patient man. ------------------------------------------------------------------To Unsubscribe: send mail to majordomo
FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]