Default group

Wed Oct 17 22:43:17 UTC 2012

On 12-10-17 05:45 PM, John Moser wrote:
> 
> 
> On 10/17/2012 05:34 PM, Marc Deslauriers wrote:
>> On 12-10-17 03:52 PM, John Moser wrote:
>>>
>>> First, he must find the sysadmin.  The sysadmin must then put wriker
>>> in group jkirk.  Also, ~jkirk must be group-readable, as must any
>>> files.
>>
>> In a default Ubuntu installation, jkirk's files are already accessible
>> to other users.
> 
> Yeah I just looked and saw that, my whole $HOME is world-readable.
> 
> This displeases me.  I'd prefer default $HOME chmod 700.

As I said, we wanted people to be able to share files by default without
having to understand granting permissions. This has already been
discussed to death, although it's been a while.

> 
>>
>>
>> A user can't change permissions on his $HOME by himself. Only a sysadmin
>> can.
> 
> $ ls -ld ~
> drwxr--r-x 100 bluefox bluefox 4096 Oct 14 11:47 /home/bluefox
> $ chmod go-rx ~
> $ ls -ld ~
> drwx------ 100 bluefox bluefox 4096 Oct 14 11:47 /home/bluefox
> $ setfacl -m u:root:r ~
> $ getfacl ~
> # file: home/bluefox
> # owner: bluefox
> # group: bluefox
> user::rwx
> user:root:r--
> group::---
> mask::r--
> other::---
> 
> Try again.

Of course, you're absolutely right. I'm not sure what I was thinking
there for a sec. :P

> 
>>
>> This only works if the user default umask is 002, which wouldn't be the
>> case if you're not using User Private Groups.
> 
> Well, it's the case now; and if we leave it the case and make ACL
> handling more intuitive, then it'll all work.  Changing $HOME to 700
> instead of 755 would adequately protect the user's private files in
> $HOME even with a umask of 002, since you simply can't look into $HOME
> to read/modify those files anyway.

I'm not sure this proposal would be simple enough to be understood by
most non-technical users. Also, last time we looked at using extended
attributes, there were issues with proper support in common tools,
backup software, certain filesystems, etc. This would need to be looked
at again to see if extended attributes can be used now. It's certainly
worth investigating it again.

> 
> The only other thing needed would then be a "Shared Documents" alike
> (borrowing from Windows again--it's a pile of crap but that doesn't mean
> everything associated is terrible by default) supplying a place for
> folks to put shared files or such secured shared folders, made sticky of
> course.

Well, right now we're defaulting to sharing everything except private
information in private directories. Your proposal is basically to share
nothing, and create exceptions. If this is to be discussed again, we
probably need to figure out if our users are able to understand file
permissions well enough to be able to share documents.

Of course, this is all moot without home directory encryption, and when
you turn that on, there's basically no sharing at all.

Marc.