Re: Purpose of primary and secondary user groups
On Sun, Jan 13, 2019 at 6:13 AM Bryan Harris wrote:

> Is there also a difference when creating a file in a folder with set GID
> bit on that folder and owned by secondary group? I think in normal
> behavior, if folder allows a user to create a file (sec. group w/ 770
> perm.) then the new file group will not take the group of the folder but
> will take the group of the user's primary group. But if you have set GID
> bit then the new file will take the group of the folder it's in (which
> will be one of the user's secondary groups).
>
> I thought in OpenBSD there is also a flag to mount the filesystem to
> always do this regardless of set GID but I can't remember. I don't see
> it in the man page so maybe with all of this I'm really thinking of
> Linux but I can't remember.

Nope. OpenBSD always uses the BSD behavior. The use of the SGID bit on directories to request BSD behavior was an addition in SystemV-based systems when enough of their devs and users yelled at them to Not Be Stupid And Provide the Better Behavior. I'm not sure who or when first added the mount option. Linux certainly has both of those, but is not the only one.

Philip Guenther

Re: Purpose of primary and secondary user groups
On 12/30/2018 12:33 AM, Philip Guenther wrote:

> On Sat, Dec 29, 2018 at 11:29 AM Ipsen S Ripsbusker <ip...@ripsbusker.no.eu.org> wrote:
>
> > Aside from compatibility, what is the purpose of primary groups,
> > compared to secondary groups?
> >
> > Said otherwise, why do we have both primary and secondary groups
> > rather than only secondary groups?
> >
> > Yet another phrasing: Why do I need to set a primary group?
>
> Secondary groups can only be set, all at once, when running as root (e.g., login, sshd), while the primary group can be altered by setgid binaries and then switched among using set*gid(2).
>
> For filesystem objects like files and directories, the BSD behavior is for the object to get its group from the directory in which it was created, ignoring the groups of the process that created it. On more SysV-like systems the default is to take the primary group of the process that created it.
>
> However, for objects that exist in the kernel but not the filesystem such as pipes, sockets, and SysV shared memory segments, semaphores, and message queues, the common behavior is to take the primary group of the process that created it. This doesn't have much effect other than fstat() for pipes and sockets, but for SysV stuff it affects what operations processes can perform.
>
> Philip Guenther

Is there also a difference when creating a file in a folder with set GID bit on that folder and owned by secondary group? I think in normal behavior, if folder allows a user to create a file (sec. group w/ 770 perm.) then the new file group will not take the group of the folder but will take the group of the user's primary group. But if you have set GID bit then the new file will take the group of the folder it's in (which will be one of the user's secondary groups).

I thought in OpenBSD there is also a flag to mount the filesystem to always do this regardless of set GID but I can't remember. I don't see it in the man page so maybe with all of this I'm really thinking of Linux but I can't remember.

V/r,
Bryan

Re: Purpose of primary and secondary user groups
On Sat, Dec 29, 2018 at 11:29 AM Ipsen S Ripsbusker <ip...@ripsbusker.no.eu.org> wrote:

> Aside from compatibility, what is the purpose of primary groups,
> compared to secondary groups?
>
> Said otherwise, why do we have both primary and secondary groups
> rather than only secondary groups?
>
> Yet another phrasing: Why do I need to set a primary group?

Secondary groups can only be set, all at once, when running as root (e.g., login, sshd), while the primary group can be altered by setgid binaries and then switched among using set*gid(2).

For filesystem objects like files and directories, the BSD behavior is for the object to get its group from the directory in which it was created, ignoring the groups of the process that created it. On more SysV-like systems the default is to take the primary group of the process that created it.

However, for objects that exist in the kernel but not the filesystem such as pipes, sockets, and SysV shared memory segments, semaphores, and message queues, the common behavior is to take the primary group of the process that created it. This doesn't have much effect other than fstat() for pipes and sockets, but for SysV stuff it affects what operations processes can perform.

Philip Guenther

Re: Purpose of primary and secondary user groups
On Sat, Dec 29, 2018 at 07:27:48PM +, Ipsen S Ripsbusker wrote:

> Aside from compatibility, what is the purpose of primary groups,
> compared to secondary groups?
>
> Said otherwise, why do we have both primary and secondary groups
> rather than only secondary groups?
>
> Yet another phrasing: Why do I need to set a primary group?

Mainly for accounting purposes. man 2 intro tells you about it.

-Otto

Purpose of primary and secondary user groups
Aside from compatibility, what is the purpose of primary groups, compared to secondary groups?

Said otherwise, why do we have both primary and secondary groups rather than only secondary groups?

Yet another phrasing: Why do I need to set a primary group?