On Mon, 2003-11-17 at 07:07, Andrew Sands wrote:
> What I'd appreciate knowing;
>       a) Is there any need to do the 'RedHat' style username = groupname.
>       b) Is the 'Gentoo' way better

If your machine's users don't need to allow each other (security
mediated; i.e. non-public) access to their files, then either model is
fine, because you won't be using groups at all :-)

If you have only a small user population (<10?) and only a small amount
of sharing, then the username=group method is fine.

If you have lots of users, and lots of required sharing, then you pretty
much have to set up your own set of groups anyway.

The extension of this is ACLs - I've used ACL-based systems extensively
in the past, and without a decent management system, they become very
difficult to manage. Groups are clunky compared to ACLs, but generally
adequate.

-jim

Reply via email to