redhat-list-setting_directory_sgid_to_simplify_group_usage

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



To: redhat-list@listman.redhat.com
From: "Myhre, Julie" <JMyhre@ctiseattle.com>
Subject: Default of GID=UID
Date: Thu, 20 Feb 2003 12:25:03 -0800

I come from an SGI and Sun UNIX background, where the admin needs to do
some good group and file management planning, and creates accounts
giving groups of users a main  project group (thus, their primary GID),
and perhaps adding them to other groups as well.  The users'
individually (default login mode - no newgrp) created files are safe
from tampering and destruction, but can be viewed by members only in
their group.  The Linux default requires the user to explicitly share
every file he creates, since every new user has a unique GID.

I'm having some trouble finding any discussion that relates the pros and
cons of the Linux method, and I know some of the issues must revolve
around the duties and experience level of shared groups one might
create.

I'd like to hear people's thoughts - I'm sure it is evident from the
first paragraph that I lean towards the UNIX method, because I can
foresee administrative nightmares (depending on which of my previous
jobs I model after :-), but before I work with our other Sysadmins on
our relatively new linux systems, I'd like to know what I am up against.
I am willing to be swayed to stay with the Linux default....I do have
workarounds in mind to avoid relying on users to remember to share their
work to the correct group.=20=20

Thanks,
Julie Myhre



===

To: redhat-list@listman.redhat.com
From: "Todd A. Jacobs" <nospam@codegnome.org>
Subject: Re: Default of GID=UID
Date: Thu, 20 Feb 2003 15:23:55 -0800 (PST)

On Thu, 20 Feb 2003, Myhre, Julie wrote:

> from tampering and destruction, but can be viewed by members only in
> their group.  The Linux default requires the user to explicitly share
> every file he creates, since every new user has a unique GID.

First of all, most *nix distros create all users with the same GID, e.g. 
"users." Lots of distros also have the unfortunate tendency to create 
home directories group-writable, so users essentially have zero privacy 
out of the box.

The "user private groups" idea is primarily a Red Hat-ism. I don't know
any other distro that does this, but it's a well-known security truism
that things should "fail closed." In other words, if you want to share
stuff, you should have to make a conscious effort to do so.

It's actually quite easy to share group info on Red Hat. If you want to
create a group-shared folder, just set the directory SGID. Any files or
folders created in it will then have the group ID set to that of the SGID
directory, so all the members can share it without having to dink around
with permissions on their home directories to keep other group members
out.

Can you do similar things without user private groups? Sure. Does it take 
more planning, auditing, and LARTs? Absolutely.

As always, your mileage may vary, and shares may be worth more or less at 
time of redemption. :)

===

To: redhat-list@listman.redhat.com
From: "nate" <redhat@aphroland.org>
Subject: Re: Default of GID=UID
Date: Thu, 20 Feb 2003 14:38:17 -0800 (PST)

Myhre, Julie said:

> I come from an SGI and Sun UNIX background, where the admin needs to do
> some good group and file management planning, and creates accounts giving
> groups of users a main  project group (thus, their primary GID), and
> perhaps adding them to other groups as well.  The users'
> individually (default login mode - no newgrp) created files are safe from
> tampering and destruction, but can be viewed by members only in their
> group.  The Linux default requires the user to explicitly share every file
> he creates, since every new user has a unique GID.
>
> I'm having some trouble finding any discussion that relates the pros and
> cons of the Linux method, and I know some of the issues must revolve
> around the duties and experience level of shared groups one might
> create.

I think a benefit is maintaining UID and GID number naming consistancy.
for me it's just nice I guess, to know that the UID number in passwd matches
an entry in group(for user accounts at least). This of course can vary
depending on what your used to. In my last job I created users(on a solaris
NIS/NFS box) with each user in their own group. In addition to that the
manager was used to the "unix" way and wanted everyone in a "staff" group
so I put them in that group as well. Directories were 775 by default, if
someone wanted to share a file they could either change permissions
accordingly on their directory or copy it toa temporary location(there were
several "public" locations that were shared depending on what purpose the
data was being used for). Or, more often they just put the file in their
~/public_html directory and emailed a url to the user.

the "linux" way is also a bit more secure of course because of this, having
each user in their own group. e.g. back in ~1994 I had a unix class,
and the teacher was teaching us awk. I could never get beyond the most
basic usage of awk, so I just copied his scripts from his home directory and
modified them a bit so they looked like mine. Either he didn't suspect
anything or he didn't care(the OS was SCO). I would think that most users
would prefer that their files are not readable by other users on the system
by default(when I say most I am mostly referring to the less experienced,
perhaps they don't know how to use chown/chmod or don't know what it is
at all).

For me, it is habbit, if I want to share a file with someone, I copy it
to /tmp, let them get it, and delete it after. Though I am rarely on
systems that have more then a couple users logged on at any given point.
Most of the systems I am the only user in the shell, and most of my
systems do not run ftp servers. And pretty much all of my systems
run with only trusted users.


most linux systems the adduser process is done by a script though on
redhat I can't seem to find a script that does it, all I see is useradd.
Debian's setup uses a perl script to add users, and maintains a config
file[1] which you can adjust the defaults for adding users, e.g. put them
in their own group or not, what UID/GIDs to assign(ranges), and more.
Back when I used slackware('97) I think adduser was a bash script..though
no idea what it uses now.

nate
(solaris, irix, hpux, aix, tru64, redhat, suse, debian, slackware, freebsd
etc.................debian is by far my favorite!)

[1] http://www.fifi.org/cgi-bin/man2html/usr/share/man/man5/adduser.conf.5.gz

===

the rest of The Pile (a partial mailing list archive)

doom@kzsu.stanford.edu