Quoth Aaron Toponce <aaron.topo...@gmail.com>, on 2010-05-10 10:40:58 -0600: > On 5/10/2010 10:23 AM, Julien Cristau wrote: > > On Mon, May 10, 2010 at 10:14:00 -0600, Aaron Toponce wrote: > > Are there reasons for making the switch? With user groups, umask 002 or > > 022 doesn't make a difference. To switch off user groups, you set > > USERGROUPS=no in adduser.conf, and that's it. > > The biggest reason for making the change is when group collaboration > becomes a necessity.
FWIW (which is probably vanishingly little), I find that dealing with significant group or even inter-user interactions on Unix machines eventually gets nearly impossible in the absence of full POSIX ACL support. Modern Debian supports this well with a suitable filesystem on the backend, though depending on your interop requirements there may be other problems. In this case, the umask problem you mention: > Suppose you have an 'devel' group on the system, > and a central directory where the collaboration happens. Because of the > default umask value being '0022', the users must make sure that they > have 'umask 0002' in their shell rc file, or as appropriate, [...] goes away almost entirely if you [setfacl -m d:g::rwx] (or d:g::rx, whichever is appropriate) the central directory. (This still doesn't catch mv'd files, but neither does umask, and that's sort of another kettle of fish.) I regularly set my personal umask to 0077 because I find accidentally creating files that other users can snoop on to be more dangerous than having to chmod files after the fact. Conversely, setting default ACLs is one of the first things I do when setting up collaboration directories. ---> Drake Wilson -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100510172420.ga30...@drache.begriffli.ch