On Fri, Oct 29, 2010 at 10:12 PM, Brynet <bry...@gmail.com> wrote: > > I believe the real problem here is that you're allowing users on your > systems that are incapable of properly setting the group/world > permissions of their home directories.
My employer lets a variety of people on their systems - they just want work to get done and don't know or care about this kind of thing. Don't you have this problem where you work? Seriously, putting everyone in the same 'users' group is like running all your daemons as 'nobody'. I can quote a stack of UNIX books that recommend against both (a couple examples are Secure Architectures with OpenBSD, the AbsoluteBSD books, and the ones I linked to above). They all talk about using 'adduser' and how per-user groups is the best option - which is why it is the default. Changing the default would invalidate a lot of documentation. > It's also a possibility that you are derelict in your duties as a > systems administrator. > > No cookies for you. This is tech@, not m...@. Daniel