begin quoting Gregory K. Ruiz-Ade as of Sat, Nov 26, 2005 at 12:35:58PM -0800:
> On Nov 26, 2005, at 12:02 PM, Stewart Stremler wrote:
>
> >Has nothing to do with breaking the 'UID and GID must match' meme.
> >
> >Groups are for groups, not a secondary indicator of ownership. Use
> >'em to _group_ users (this should not come as a brilliant insight).
>
> The whole "user-private group" thing was done, IIRC, out of the hope
> that it would help confused users to have the proper permissions and
> ownerships created on new files.

Yup. But solutions often have unintended side-effects -- e.g. the UID==GID meme -- and trade-offs. The "appropriate" solution would be a full ACL system, but that's not universal in UNIX-land, and it would be Yet Something Else To Explain To The Users. :-/

> The documentation on it from Red Hat is here:
>
> http://www.redhat.com/docs/manuals/linux/RHL-5.0-Manual/user-guide/doc079.html

The rationale is right at the end. It basically seems to boil down to "users are too stupid to understand groups and permissions, so we're going to go through a lot of work to make sure they don't _have_ to understand anything".

Of course, the _simple_ [to me] approach -- "chmod go-rwx ~username" -- does exactly the same sort of thing without the corresponding explosion of groups. When the users are ready to expose some of their files, they can choose to set 'em appropriately.

This is the problem with KISS -- depending on your perspective, different things are simple. And it's always simple to assume your users are stupid, ignorant, lazy, and incapable of learning....

-Stewart "Says something when the vendor assumes you're stupid, eh?" Stremler

--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
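
Added example, not part of the original message: a simplified Python model of the classic owner/group/other check, comparing the user-private-group setup with the "chmod go-rwx ~username" approach discussed above. The users, group IDs, file name and umask values are constructed for illustration, and the model ignores root, ACLs and capabilities.

```python
# Simplified model of classic UNIX permission checks (no ACLs, no root
# override, no capabilities). All users, groups and paths are constructed.
from dataclasses import dataclass

R, W, X = 4, 2, 1

@dataclass(frozen=True)
class Node:
    name: str
    uid: int
    gid: int
    mode: int  # permission bits, e.g. 0o700

@dataclass(frozen=True)
class User:
    uid: int
    gids: frozenset

def class_bits(node, user):
    """Pick owner, group or other bits; only the first matching class applies."""
    if user.uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in user.gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def allowed(path, user, want):
    """path is [dir, ..., file]; every directory needs search (x) permission."""
    *dirs, leaf = path
    if any(not (class_bits(d, user) & X) for d in dirs):
        return False
    return (class_bits(leaf, user) & want) == want

def new_file(name, owner_uid, gid, umask):
    """A file created with the usual 0666 request, filtered by the umask."""
    return Node(name, owner_uid, gid, 0o666 & ~umask)

USERS_GID, ALICE_GID = 100, 1001  # shared group vs. alice's private group
alice = User(1001, frozenset({USERS_GID, ALICE_GID}))
bob = User(1002, frozenset({USERS_GID, 1002}))  # the other user being tested

def scenario(home_mode, gid, umask):
    """What can bob do to a file alice creates in her home directory?"""
    home = Node("/home/alice", alice.uid, gid, home_mode)
    f = new_file("notes.txt", alice.uid, gid, umask)
    return {"read": allowed([home, f], bob, R), "write": allowed([home, f], bob, W)}

if __name__ == "__main__":
    print("shared group,  umask 002, home 755:", scenario(0o755, USERS_GID, 0o002))
    print("private group, umask 002, home 755:", scenario(0o755, ALICE_GID, 0o002))
    print("shared group,  umask 002, home 700:", scenario(0o700, USERS_GID, 0o002))
```

In this model the private group removes bob's write access but leaves the file readable through a 755 home directory, while a 700 home directory blocks both because bob cannot search the directory at all.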