Default group

[Jordon Bedwell]

On Wed, Oct 17, 2012 at 8:59 AM, John Moser <john.r.moser at gmail.com> wrote:
> I suggest all users should go into group 'users' as the default group,
> with $HOME default to 700 and in the group 'users'.  A umask of 027 or
> the traditional 022 is still viable:  the files in $HOME are not
> visible because you cannot list the contents of $HOME (not readable)
> or change into it to access the files within (not executable).  A user
> can grant permissions to other users to access his files simply by
> making the directory readable by them--by 'users' or others (thus
> everyone) or by fine-grained POSIX ACLs selecting for individual users
> and groups.

The problem with this is how are you going to fix permissions on bad
software like Ruby Gems who do not reset permissions when packaging
and uploading to the public repository (because they claim this would
"violate security" even though it comes from a public repo like the
Debian repo and having public read and execute on a public gem from a
public place is "bad".) This has a huge impact as a default permission
for not just examples like Ruby gems but other software do not reset
when packaging, making it more cumbersome to package software and
making it so now work around's are the rule and not the exception.