User Private Groups

RHC Linux uses a user private group (UPG) scheme, which makes UNIX groups much easier to use. The UPG scheme can be summarized with three points:

User Private Group

Each user has their own primary group, of which only they are a member.

umask = 002

The traditional UNIX umask is 022, which prevents other users and other members of a user's primary group from modifying a user's files. Since every user has their own private group in the UPG scheme, this ``group protection'' is not needed. A umask of 002 will prevent users from modifying other users' private files.

SGID bit on Directories

By setting the SGID bit on a directory (with chmod g+s directory), files created in that directory will have their group set to the directory's group.

The UPG scheme makes managing group projects very simple. Let's say you have a big project called FOO, with many people editing the FOO files in a FOO directory. Make a group called foo, chgrp -R the FOO directory to foo, and add the all the FOO users to the foo group. Now, all the FOO users will be able to edit the FOO files and create new files in the FOO directory, and these files will always retain their foo group, and thus they will always be editable by other FOO users.

If you have multiple projects like FOO, and users who are working on multiple projects, these users will never have to change their umask or group when they move from project to project. The SGID bit on each project's main directory ``selects'' the proper group.

Since each user's HOME directory is owned by the user and their private group, it is safe to set the SGID bit on the HOME directory. However, by default, files are created with the primary group of the user, so there is no real effect.

The easiest way to manage users and groups is through the Users and Groups module of the control-panel (see section 4 for details on the control-panel and section 4.1 for details on the Users and Groups module).

You can also use adduser to create a new user from the command line.