Henk P. Penning wrote:
On Tue, 5 Oct 2004, Mark R. Diggory wrote:

Date: Tue, 05 Oct 2004 14:11:03 -0400
From: Mark R. Diggory <[EMAIL PROTECTED]>
To: Henk P. Penning <[EMAIL PROTECTED]>
Subject: Re: md5's

               In the opposite direction, individual ownership without
group write capabilities blocks individuals from "removing" releases
when it is time for them to be excised.

  I don't think it does.

  If you have write permission on a directory, you can remove any
  file in it, including the files you don't own and can't write.

  On Solaris 'rm' asks first, but you can remove. I can't check
  the situation on minotaur. I assume the same thing goes.


You're right, that makes sense, I was being shortsighted. So you're saying that if the directory is group writable and the files are not, then any member of the group can still delete the file and replace it with a new one, in which case I don't need to give write permissions on the files for others to take ownership by copy/moving them individually.

Ok, so I'll put the permissions back on those files; if others want to take ownership of the files, great. So, I agree files shouldn't be group writable in this case. Directories, yes, but files, no...

But this still doesn't solve the fact that at the project level members of separate projects can still manipulate the contents of other projects within that unix group.

Maybe back when the unix groups were established the number of projects under a group wasn't an issue; now, however, this isn't scalable. With so many projects in jakarta, there's little control across the project permissions, in terms of distributions.

-Mark

--
Mark Diggory
Open Source Software Developer
Apache Jakarta Project
http://jakarta.apache.org
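The point settled in this thread (delete and replace rights come from the directory, not the file) can be audited over a distribution tree. The following is an added example, not part of the original messages: it lists files that are not group-writable themselves but sit in a group-writable directory without the sticky bit, so any group member can still swap them out. The project directory names and file name are constructed placeholders.

```python
import os
import stat
import tempfile


def replaceable_files(root):
    """Return (path, owner_uid, mode) for regular files that any member of
    the parent directory's group can delete and replace, although the file
    itself is not group-writable."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        # Unlink/rename needs write+search on the directory, not on the file.
        group_can_modify = (dmode & stat.S_IWGRP) and (dmode & stat.S_IXGRP)
        # With the sticky bit set, only the file owner, the directory owner
        # or root may remove or rename an entry.
        sticky = dmode & stat.S_ISVTX
        if not group_can_modify or sticky:
            continue
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and not st.st_mode & stat.S_IWGRP:
                findings.append((path, st.st_uid, stat.S_IMODE(st.st_mode)))
    return findings


def build_sample_tree():
    """Constructed sample layout (hypothetical project names)."""
    root = tempfile.mkdtemp(prefix="dist-")
    layout = {"project-a": 0o775, "project-b": 0o755, "project-c": 0o1775}
    for name, dmode in layout.items():
        d = os.path.join(root, name)
        os.mkdir(d)
        f = os.path.join(d, "release.tar.gz.md5")
        with open(f, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(f, 0o644)   # file: owner-writable only
        os.chmod(d, dmode)   # directory mode decides who can replace it
    return root


if __name__ == "__main__":
    for path, uid, mode in replaceable_files(build_sample_tree()):
        print(f"{path} uid={uid} mode={mode:o}: replaceable by group members")
```

Only the file under the 0775 directory is reported; the 0755 directory blocks group members, and the sticky bit on the 1775 directory restricts removal to the file's owner, the directory's owner, or root.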
