Default group

Marc Deslauriers marc.deslauriers at
Wed Oct 17 14:44:34 UTC 2012

On 12-10-17 09:59 AM, John Moser wrote:
> I suggest all users should go into group 'users' as the default group,
> with $HOME default to 700 and in the group 'users'.  A umask of 027 or
> the traditional 022 is still viable:  the files in $HOME are not
> visible because you cannot list the contents of $HOME (not readable)
> or change into it to access the files within (not executable).  A user
> can grant permissions to other users to access his files simply by
> making the directory readable by them--by 'users' or others (thus
> everyone) or by fine-grained POSIX ACLs selecting for individual users
> and groups.

We want users to be able to share files with other users. Having $HOME
be 700 defeats that purpose. See:

Also, one of the reasons for using User Private Groups, is to be able to
create directories that are used by multiple users, by setting the
setgid on the directory. With a default umask of 022, users need to
manually set group permissions each time they create a file.


Marc Deslauriers
Ubuntu Security Engineer     |
Canonical Ltd.               |

More information about the Ubuntu-devel-discuss mailing list