On Sat, Sep 28, 2013 at 9:49 AM, <peasth...@shaw.ca> wrote: > From: Joel Rees <joel.r...@gmail.com> > Date: Sat, 28 Sep 2013 09:05:33 +0900 >> ... make all the users that write to it [a folder] members of the group. > > If you don't object to the question, would those users tend to be > people or projects or tasks?
Good question! Answer: Yes. ;-) Okay, okay, I'll unpack that. We tend to think of user ids in a system as being one-to-one mapped to the people using the system. That is a wrong way to think. (And one of the reasons ACLs are just plain wrong.) Trying to generalize without getting too abstract, your personal computer needs at least an admin user (besides root) and a personal user for general tasks and a personal user for bank access, etc. (Ideally, we'd have user ids for pretty much every task we have, but we don't really have the tools for managing so many users and for using them meaningfully. Generating a jailed session for the browser when you go surfing is still not exactly easy to fit into your workflow.) When a computer or a network is used for community tasks and projects, that task or project needs a user id and a resources assigned to it. It may work better to have a password shared by members of the task group, so they can log on as the task user, or it may work better to not allow the project virtual user to log in, all access to the project resources by membership in the project group. But each user that will access the task/project resources will need to be members of the system group assigned to the task/project. Daemons are actually just managers of shared resources, which is why they tend to have user and group ids (and resources) assigned to them. Thanks. I've been trying to put up an explanation of this in my blog for quite a while. This is about as cogent an explanation as I've come up with yet. Maybe it will help me produce a proper blog post (if there is such a thing :^|) -- Joel Rees Be careful where you see conspiracy. Look first in your own heart. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caar43iolho-xxjumfbvfopvjgjego9wa3puao9az2+o8tqp...@mail.gmail.com
