From: jnelson (jnelson_at_rackspace.com)
Date: Tue Nov 05 2002 - 13:00:54 CST

    " 'probably incorrect' " but I think he's exactly right. Users must
    belong to a group, so defaulting to creating their own bypasses this
    requirement--in essence. I've been using the same custom Zsh for so long
    that I don't recall what the default umask setting is, but I'm pretty sure
    022 is it and not 002.

    I've heard talk of a new system of group/user permissions; is anyone
    working with that project?

    -j

    -----Original Message-----
    From: owner-freebsd-security@FreeBSD.ORG
    [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Eric Anderson
    Sent: Tuesday, November 05, 2002 12:36 PM
    To: Klaus Steden
    Cc: freebsd-security@FreeBSD.ORG
    Subject: Re: per-user groups

    Klaus Steden wrote:
    > Can anyone explain to me the benefits of per-user groups? It seems to me that
    > modern *nix systems, FreeBSD included, create a new group for each user.
    >
    > Is there a security benefit (or some other benefit) to be had by this? Why has
    > it apparently been adopted as a convention by the free *nix flavours?

    My understanding (which is most probably incorrect), is that it is safer
    to assign a new group per user, than automatically default them to some
    set group.

    In other words - people are lazy, and so if that's true (it is), then
    they are likely to believe that the default is the best choice. If all
    users default to some standard group, then it is far easier to have
    accidentally set a file to mode 775 (or some such variant), and have the
    whole user base have rights to it, than a default group of the user
    itself - which would be limited.

    Eric

    -- 
    ------------------------------------------------------------------
    Eric Anderson	   Systems Administrator      Centaur Technology
    Beware the fury of a patient man.
    ------------------------------------------------------------------
    

    To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
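An added example (not part of the original thread) that works through the point discussed above: what mode a new file gets under umask 022 versus 002, and who can write a group-writable file when its group is one shared default group versus the owner's own per-user group. The account and group names are constructed, and the model covers plain mode bits only (no ACLs, no root override).

```python
import os
import stat
import tempfile

# Constructed group tables: one shared default group vs. one group per user.
SHARED = {"users": {"alice", "bob", "carol"}}
PER_USER = {"alice": {"alice"}, "bob": {"bob"}, "carol": {"carol"}}


def mode_under_umask(umask, requested=0o666):
    """Create a file the way most programs do (asking for 0666) under the
    given umask and return the permission bits the kernel actually set."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "f")
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, requested))
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)  # always restore the caller's umask


def writers(owner, group, mode, members):
    """Users who may write the file. Unix checks exactly one class per user:
    owner first, then group membership, then 'other'."""
    everyone = set().union(*members.values()) | {owner}
    allowed = set()
    for user in everyone:
        if user == owner:
            bit = stat.S_IWUSR
        elif user in members.get(group, ()):
            bit = stat.S_IWGRP
        else:
            bit = stat.S_IWOTH
        if mode & bit:
            allowed.add(user)
    return allowed


if __name__ == "__main__":
    for um in (0o022, 0o002):
        m = mode_under_umask(um)
        print(f"umask {um:03o} -> mode {m:03o}")
        print("  shared group  :", sorted(writers("alice", "users", m, SHARED)))
        print("  per-user group:", sorted(writers("alice", "alice", m, PER_USER)))
    # The accidental 775 from the quoted message:
    print("775 shared  :", sorted(writers("alice", "users", 0o775, SHARED)))
    print("775 per-user:", sorted(writers("alice", "alice", 0o775, PER_USER)))
```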