On Tue, 5 Nov 2002, Eric Anderson wrote:

> My understanding (which is most probably incorrect), is that it is safer
> to assign a new group per user, then automatically default them to some
> set group.
>
> In other words - people are lazy, and so if that's true (it is), then
> they are likely to believe that the default is the best choice. If all
> users default to some standard group, then it is far easier to have
> accidentally set a file to mode 775 (or some such variant), and have the
> whole user base have rights to it, than a default group of the user
> itself - which would be limited.

It also makes sharing safer without admin intervention:
bobfoo% chgrp fred myfile ; chown 750 myfile
bobfoo% echo 'check out myfile' | write fred

-- 
Matt Piechota
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]