Next: 10.4 The Boot Process
Up: 10.3.3 User Private Groups
Previous: 10.3.3 User Private Groups
Since the UPG scheme is new, many people have questions about it,
and they wonder why it is necessary. The following is the rationale for
the scheme.
- You'd like to have a group of people work on a set of files
in say, the /usr/lib/emacs/site-lisp directory. You trust a
few people to mess around in there, but certainly not everyone.
- So you enter:
chown -R root.emacs /usr/lib/emacs/site-lisp
and you add the proper users to the group.
- To allow the users to actually create files in the directory
you enter:
chmod 775 /usr/lib/emacs/site-lisp
- But when a user creates a new file it is assigned the
group of the users default group (usually users).
To prevent this you enter
chmod 2775 /usr/lib/emacs/site-lisp
which causes everything in the directory to be created with
the ``emacs'' group.
- But the new file needs to be mode 664 for another
user in the emacs group to be able to edit it. To do this you make
the default umask 002.
- Well, this all works fine, except that if your default group
is ``users'', every file you create in your home directory will
be writable by everybody in ``users'' (usually everyone).
- To fix this, you make each user have a ``private group'' as their
default group.
At this point, by making the default umask 002 and giving everyone
a private default group, you can easily set up groups that users
can take advantage of without doing any magic. Just create the
group, add the users, and do the above chown and chmod on the
group's directories.
Red Hat Software