James Knott wrote: > Fajar Priyanto wrote: >> On Wednesday 23 May 2007 14:49, Joachim Schrod wrote: >> >>> Phil answered your question how to enable the RH behavior by >>> setting the umask globally. >>> >>> If you don't want to do this, there is the possibility to use >>> access control lists (ACLs); the default ACL determines the access >>> right of newly created files. >>> >>> I don't know if the global umask setting is sufficient for you, so >>> I stop here with the explanation; ask, if you need more info. >>> >>> But note: both methods don't support changing the access rights of >>> files that are created elsewhere, e.g., in a personal directory, >>> and moved to the shared directory. (That's because moving doesn't >>> create a file, it just changes the directory entry. (Reality is >>> even more complex, but hopefully you'll see what I mean.)) >>> >> Hi Joachim, >> Do you know where I can set the umask globally in Suse? >> >> However, I don't think setting up the umask globally would be "as safe as" >> in >> RH, because Suse doesn't use the concept of UPG (user private group). So, if >> I set the umask globally, then it means every user can access those files >> and >> directory in the "test" directory. >> >> > > You can create private groups manually, when you create a user. > However, I agree that the current SUSE configuration, where anyone can > read personal folders is bizarre. It's beyond belief that SUSE would > combine a common "users" group with such a default mask.
Yes, you're right. The combination of a default umask of 022 and a generic user group of 'users' is pretty insecure. Is there a bug about this? -- Jonathan Arnold (mailto:[EMAIL PROTECTED]) Daemon Dancing in the Dark, an Open OS weblog: http://freebsd.amazingdev.com/blog/ UNIX is user-friendly. It's just a bit picky about who its friends are. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
