On Sun, 30 May 2010 15:02:41 +0100, Stephen Gran
wrote:
>This one time, at band camp, Marc Haber said:
>> I am not a very good friend of just counting. I would try to somehow
>> hash the user name into the UID since this will - at least on systems
>> with only a handful of users - enhance the chan
This one time, at band camp, Marc Haber said:
> On Wed, 26 May 2010 23:43:12 +0100, Stephen Gran
> wrote:
> >This one time, at band camp, Roger Leigh said:
> >> How will adduser cope with group addition; does it skip UIDs until
> >> it finds an unused unique UID/GID pair?
> >
> >That certainly is
On Wed, 26 May 2010 23:43:12 +0100, Stephen Gran
wrote:
>This one time, at band camp, Roger Leigh said:
>> How will adduser cope with group addition; does it skip UIDs until
>> it finds an unused unique UID/GID pair?
>
>That certainly is the only approach that makes sense - it has the
>benefit of
On Fri, 28 May 2010 00:15:17 +0200, "C. Gatzemeier" wrote:
> but now, if we
> activate pam_umask, it will read UMASK 022 from login.defs again (and
> relax it conditionally).
err, that is the case if you keep the UMASK 022 and "usergroups"
option (the defaults). Of course you can set a fixed U
On Thu, 27 May 2010 11:35:34 +0200, Wolodja Wentland wrote:
> why not make the decision to use UPG explicit by setting
> "UPG = True"
I would say UPGs are already explicitly used.
If your UPG = True means that newly created users are created with user
private groups, then that is "USERGROUPS=y
On Thu, May 27, 2010 at 11:35:34AM +0200, Wolodja Wentland wrote:
> On Wed, May 26, 2010 at 23:43 +0100, Stephen Gran wrote:
> > This one time, at band camp, Roger Leigh said:
> > > How will adduser cope with group addition; does it skip UIDs until
> > > it finds an unused unique UID/GID pair?
>
>
On Wed, May 26, 2010 at 23:43 +0100, Stephen Gran wrote:
> This one time, at band camp, Roger Leigh said:
> > How will adduser cope with group addition; does it skip UIDs until
> > it finds an unused unique UID/GID pair?
> That certainly is the only approach that makes sense - it has the
> benefit
On Tue, 25 May 2010 16:43:21 -0700, Steve Langasek wrote:
> I am not willing to diverge from upstream on this as this
> would mean admins coming from other systems may get an unpleasant
> surprise when they find that Debian gives a more relaxed umask than
> they were expecting in some corner cas
This one time, at band camp, Tollef Fog Heen said:
> The problem is when you then run addgroup foo, every user created
> after that will not be considered to be a UPG user. Perhaps addgroup
> shouldn't use the same gid range as what we are using for users, to
> make this problem at least smaller,
This one time, at band camp, Michael Banck said:
> In light of UPG, we might want to revisit the default here as well,
> maybe it makes sense to have your $HOME not world-readable be the
> default?
That is already trivially settable and not a debate likely to bring much
new to the table on either
This one time, at band camp, Roger Leigh said:
> How will adduser cope with group addition; does it skip UIDs until
> it finds an unused unique UID/GID pair?
That certainly is the only approach that makes sense - it has the
benefit of simplicity, if not elegance.
Cheers,
--
Wed, 26 May 2010 23:26:37 +0200, Tollef Fog Heen:
> Perhaps addgroup
> shouldn't use the same gid range as what we are using for users, to
> make this problem at least smaller, if not make it go away.
Hm, that may be another option to align UIDs and GIDs, you'd create
split max. UID/GID amounts t
On Wed, 26 May 2010 14:25:58 +0200, Michael Banck wrote:
> On Wed, May 26, 2010 at 02:36:53AM +0200, C. Gatzemeier wrote:
> > On Tue, 25 May 2010 22:47:51 +0200, Harald Braumann wrote:
> > > On Tue, May 25, 2010 at 10:09:35PM +0200, C. Gatzemeier wrote:
> > > > The path into your home dire
On Wed, 26 May 2010 18:05:32 +0100, Roger Leigh wrote:
> How will adduser cope with group addition; does it skip UIDs until
> it finds an unused unique UID/GID pair?
Maybe just skip taken GIDs by default? (every user has one, less gap
more likely to be usable for a user account), starting +1 f
On Wed, 26 May 2010 18:05:32 +0100, Roger Leigh wrote:
> What, exactly, does comparing the UID and GID get you? I.e. what
> is it protecting you against? If you're using a system such as
> Debian, which has created a group by the same name for many years,
> you're in no danger
AFAIU it is mea
]] "C. Gatzemeier"
| So yes, you can setup UPGs with UID!=GID, but then you'll also
| have to set the umask manually to make it work (globally or in gecos or
| ldap etc.).
|
| The UID==GID and username==groupname restriction of the
| pam_umask's "usergroups" option ensures that the umask is only
On Wed, May 26, 2010 at 02:22:43PM +0200, Michael Banck wrote:
> Hi,
>
> On Wed, May 26, 2010 at 01:00:49PM +0100, Roger Leigh wrote:
> > > This one time, at band camp, Steve Langasek said:
> > > > pam_umask requires both username == primary group name and uid == gid
> > > > before it will assume
On Wed, May 26, 2010 at 02:36:53AM +0200, C. Gatzemeier wrote:
> On Tue, 25 May 2010 22:47:51 +0200, Harald Braumann wrote:
> > On Tue, May 25, 2010 at 10:09:35PM +0200, C. Gatzemeier wrote:
> > > The path into your home directory is not restricted, just as the
> > > path others can take to rin
Hi,
On Wed, May 26, 2010 at 01:00:49PM +0100, Roger Leigh wrote:
> > This one time, at band camp, Steve Langasek said:
> > > pam_umask requires both username == primary group name and uid == gid
> > > before it will assume UPG are in place when using its 'usergroups'
> > > option,
>
> I'd be int
On Wed, May 26, 2010 at 08:40:26AM +0100, Stephen Gran wrote:
> This one time, at band camp, Steve Langasek said:
> > On Tue, May 25, 2010 at 11:30:49PM +0100, Stephen Gran wrote:
> > > This one time, at band camp, Michael Banck said:
> >
> > > > Seems worthwhile to change adduser how you suggest
This one time, at band camp, Steve Langasek said:
> On Tue, May 25, 2010 at 11:30:49PM +0100, Stephen Gran wrote:
> > This one time, at band camp, Michael Banck said:
>
> > > Seems worthwhile to change adduser how you suggest to me, is there
> > > a bug filed to this end?
>
> > adduser has had bu
On Tue, 25 May 2010 23:30:49 +0100, Stephen Gran wrote:
> adduser has had bugs filed in the past asking for uid to be equal to
> gid by default, and I have so far rejected them as not worth the
> complexity for the aesthetic pleasure of having numbers match. Is
> there some problem with usernam
On Tue, 25 May 2010 22:47:51 +0200, Harald Braumann wrote:
> On Tue, May 25, 2010 at 10:09:35PM +0200, C. Gatzemeier wrote:
>
> > The
> > path into your home directory is not restricted, just as the path
> > others can take to ring your bell at home is not restricted.
>
> Depends on adduser
On Tue, May 25, 2010 at 11:30:49PM +0100, Stephen Gran wrote:
> This one time, at band camp, Michael Banck said:
> > On Tue, May 25, 2010 at 10:09:35PM +0200, C. Gatzemeier wrote:
> > > 3) UID==GID was questioned to be a requirement, probably because it was
> > >seen that it isn't be enforced, b
This one time, at band camp, Michael Banck said:
> On Tue, May 25, 2010 at 10:09:35PM +0200, C. Gatzemeier wrote:
> > 3) UID==GID was questioned to be a requirement, probably because it was
> >seen that it isn't be enforced, but it can be of great help if you
> >are looking at a filesystem (
On Tue, May 25, 2010 at 10:09:35PM +0200, C. Gatzemeier wrote:
> 3) UID==GID was questioned to be a requirement, probably because it was
>seen that it isn't be enforced, but it can be of great help if you
>are looking at a filesystem (removable drive) without knowing the
>corresponding p
On Tue, May 25, 2010 at 10:09:35PM +0200, C. Gatzemeier wrote:
> The
> path into your home directory is not restricted, just as the path
> others can take to ring your bell at home is not restricted.
Depends on adduser settings. Both, world readable and private home
directories are common.
> Al
Hi,
am glad UPGs and the default umask finally got some momentum.
Technical issues below.
For anybody who has any doubt about UPGs or thinks it's insecure, here
is an explanation snippet from [0]:
~
(This should be true, but still needs the fixes from bel