On 05/11/2010 07:09 PM, Russ Allbery wrote:
> Aaron already explained this, but I was confused for quite some time about
> the point of UPG and I'm not sure I would have gotten it from his
> explanation, so let me say basically the same thing he said in different
> words.
>
> The purpose of UPG is not to use the user private group for any sort of
> access control. Rather, the point is to put each user in a group where
> they're the only member so that they can safely use a default umask of 002
> without giving someone else write access to all their files. Then, the
> right thing will happen when that user edits files in a shared space owned
> by some *other* group. Without UPG, you can't safely set a umask of 002,
> but when UPG is in place, you should be able to without broadening the
> access granted to the user's own files by default. It then makes project
> directories with a sticky GID bit *much* more useful.
>
> UPG without a umask of 002 is pointless. One may as well just put all
> users in a users group.

Well said.

-- 
. O . O . O . . O O . . . O .
. . O . O O O . O . O O . . O
O O O . O . . O O O O . O O O
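An added example, not part of the original thread: a check for the precondition described above, that each user is the only member of their primary group, before a default umask of 002 is applied. The account data and the names `_records` and `umask_002_exposure` are constructed for illustration; the input is passwd(5) and group(5) format text.

```python
# Added example: who else could write a user's files if that user ran with
# umask 002? The sample account data is constructed, not taken from a real host.
SAMPLE_PASSWD = """\
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:100:Carol:/home/carol:/bin/bash
dave:x:1003:100:Dave:/home/dave:/bin/bash
"""

SAMPLE_GROUP = """\
alice:x:1000:
bob:x:1001:mallory
users:x:100:
webproj:x:2000:alice,bob
"""


def _records(text):
    """Yield colon-split fields for each non-blank, non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.strip().split(":")


def umask_002_exposure(passwd_text, group_text):
    """Map each user to the other accounts in that user's primary group.

    An empty set means the primary group is a true user private group, so
    files created group-writable (umask 002) are writable by the owner only.
    """
    primary = {f[0]: int(f[3]) for f in _records(passwd_text)}
    listed = {}  # gid -> members named in the group file's member field
    for f in _records(group_text):
        listed.setdefault(int(f[2]), set()).update(m for m in f[3].split(",") if m)
    exposure = {}
    for user, gid in primary.items():
        members = {u for u, g in primary.items() if g == gid} | listed.get(gid, set())
        exposure[user] = members - {user}
    return exposure


if __name__ == "__main__":
    for user, others in sorted(umask_002_exposure(SAMPLE_PASSWD, SAMPLE_GROUP).items()):
        print(user, "private group" if not others else f"shared with {sorted(others)}")
```

On a live system the two inputs can come from `getent passwd` and `getent group`, which also cover accounts served from a directory rather than the local files.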