> +Systems will typically put all end-users in the same group "users" > +with the default umask of 022. Other > +systems (or system administrators) may put users > +in their own group with the umask of 002. > +Applications should not assume one or the other.
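Review bot: the clause states two concrete defaults (group "users" with umask 022, per-user groups with umask 002) as what systems "will typically" do, and then tells applications not to assume either of them; listing the numbers invites implementers to code against exactly those two cases. Suggest dropping the specific values and keeping only the requirement, e.g. "Applications should not assume any particular default group membership or umask."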
Neither the old nor the new clause reflects reality in the Linux world. Most people are putting users in their own group. Some of them add them to an all-users group as well. This is a failure to document existing standards, therefore wrong (and it was wrong before you submitted the edit).

Things like the default umask should NEVER be in a standard. It's forcing policy on administrators, and that sucks. (As an aside, an 022 policy with a default group is a serious security administration error, allowing a successful user account penetration by default to read-compromise almost all files on the system.) If we are going to set a policy we should set one that works!

Putting it in is also pointless because:

- We allow administrators to change it (we have to)
- Therefore: the software must be able to cope with any setup.
- Therefore: specifying it doesn't help anyone.
- Therefore: we shouldn't specify it.

We also need to recognize that in the current heavily internetworked world, user and group policy isn't a Linux thing. Someone running 5000 seats under LDAP isn't going to be pleased if some box starts ordering policy for his network.

The only policy we should enshrine is the legacy SYS5 tradition which is already buried in things like Apache. That is, uid < 100 and gid < 100 are reserved for system use. This is common across almost all Unix and Unix-like platforms.

IMHO it should at most say (and I submit this to the LSB as an alternative):

----

Systems will put all normal users in the group 'users'. All normal users and normal user groups will be above the uid/gid of 100. No system-required uid or gid is to be placed above uid/gid 99, as this may clash with real users imported via NIS or LDAP from other Unix systems.

Applications cannot assume non-system uids will be provided from the password file. The password file format is undocumented by this standard. The *pwnam(3) calls must be used to access it.

Applications cannot assume any policy for the default umask or the default directory permissions a user may have. Applications should enforce user-only file permissions on private files such as mailboxes.

The location of the user's home directory is also not defined by policy other than the recommendations of the FHS, and must be obtained by the *pwnam(3) calls.

When an application needs to add a user or a group to the system it must invoke the useradd or groupadd applications.
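What the proposed wording asks of an application, shown as an added example in C (not code from the post or from the LSB): resolve accounts through getpwnam(3) rather than reading the password file, treat uid/gid below 100 as system-reserved, and create private files with user-only permissions without trusting the umask. The constant name, the scratch path under /tmp and the helper names are assumptions for illustration.

```c
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Lowest uid/gid a normal user or group may have under the proposed rule
 * (assumed constant name; the value 100 comes from the proposal). */
#define SYSTEM_ID_LIMIT 100

/* Resolve an account via getpwnam(3) instead of parsing the password file.
 * Returns 1 for a normal (non-system) user, 0 for a system account or an
 * unknown name; the home directory is copied to `home` when non-NULL. */
int lookup_normal_user(const char *name, char *home, size_t homelen)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return 0;
    if (home != NULL)
        snprintf(home, homelen, "%s", pw->pw_dir);
    return pw->pw_uid >= SYSTEM_ID_LIMIT && pw->pw_gid >= SYSTEM_ID_LIMIT;
}

/* Create a private file (a mailbox, say) with user-only permissions. The
 * 0600 mode is requested explicitly and pinned with fchmod(), so the result
 * never depends on the administrator's umask. Returns the permission bits
 * actually set on the new file, or -1 on error. */
int create_private_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) < 0 || fstat(fd, &st) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return (int)(st.st_mode & 0777);
}

/* Demonstration: create the file under a chosen umask, report its mode bits
 * (0600 even under umask 000), remove it and restore the previous umask. */
int private_file_mode_under_umask(const char *path, mode_t mask)
{
    mode_t old = umask(mask);
    unlink(path);                 /* clear any leftover from a previous run */
    int mode = create_private_file(path);
    unlink(path);
    umask(old);
    return mode;
}
```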
