bug-hurd

Re: mkdir() and group id


From: Paul Jarc
Subject: Re: mkdir() and group id
Date: Sat, 27 Apr 2002 18:30:02 -0400
User-agent: Gnus/5.090006 (Oort Gnus v0.06) Emacs/21.2 (i686-pc-linux-gnu)

address@hidden (Thomas Bushnell, BSG) wrote:
> Oystein Viggen <address@hidden> writes:
>> Combined with umask 002 (suggested by yourself), this gives members of
>> the wheel group write access to all files created in /tmp by default, as
>> these files will be writable for group root.
...
> In any case, this is the basic reason why the inherit-group property
> probably should be restricted to
> inherit-only-if-i'm-a-member-of-the-group.

Rather, I'd say this makes a case for SysV behavior: the group id
should be inherited in shared project directories, but not in global
/tmp-style directories.  So some directories can be setgid and others
not.

The restriction you mention would remove useful behavior.  Suppose a
user U is to create files writable by group G, but U is not a member
of G, because G has other access that U should not have.  With the
current inheritance behavior, root can set up a directory accessible
only by U, which contains a world-writable, setgid directory
group-owned by G.  U can create G-group-owned files in the directory
and set appropriate permissions on them, and then move them out to
other parts of the filesystem where members of G can reach them.  We
had a use for this exact behavior just yesterday at work.


paul
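
Added example, not part of the original message and not Hurd or libc code: a small Python model of the three group-assignment policies argued over in this thread, applied to the /tmp case and to the shared-directory case described above. The policy names, the numeric gids and the two scenario dictionaries are constructed for illustration.

```python
import stat

# Policy names are this example's own labels for the positions in the thread.
ALWAYS_INHERIT = "always-inherit"    # new file always takes the directory's group
SYSV_SETGID = "sysv-setgid"          # inherit only when the directory is setgid
MEMBER_ONLY = "inherit-if-member"    # inherit only when the creator is in that group
POLICIES = (ALWAYS_INHERIT, SYSV_SETGID, MEMBER_ONLY)


def new_file_owner(policy, dir_mode, dir_gid, egid, groups, umask, req_mode=0o666):
    """Return (gid, mode) of a regular file created in the directory under `policy`."""
    if policy == ALWAYS_INHERIT:
        inherit = True
    elif policy == SYSV_SETGID:
        inherit = bool(dir_mode & stat.S_ISGID)
    elif policy == MEMBER_ONLY:
        inherit = dir_gid == egid or dir_gid in groups
    else:
        raise ValueError(f"unknown policy: {policy}")
    gid = dir_gid if inherit else egid
    return gid, req_mode & ~umask


def compare(scenario):
    """Map each policy to (gid, mode, group-writable by a group the creator is not in)."""
    result = {}
    for policy in POLICIES:
        gid, mode = new_file_owner(policy, **scenario)
        member = gid == scenario["egid"] or gid in scenario["groups"]
        result[policy] = (gid, mode, bool(mode & stat.S_IWGRP) and not member)
    return result


# Constructed scenarios. gid 0 stands for group root, 1000 for the creating
# user's own group, 2000 for the project group G the user does not belong to.
TMP = dict(dir_mode=0o1777, dir_gid=0, egid=1000, groups={1000}, umask=0o002)
SHARED = dict(dir_mode=0o2777, dir_gid=2000, egid=1000, groups={1000}, umask=0o002)

if __name__ == "__main__":
    for name, scenario in (("/tmp, umask 002", TMP), ("setgid dir for G", SHARED)):
        print(name)
        for policy, (gid, mode, foreign) in compare(scenario).items():
            print(f"  {policy:18} gid={gid:<5} mode={mode:04o} foreign-group-write={foreign}")
```

In the /tmp scenario only the always-inherit policy leaves the file writable by group root; in the shared-directory scenario the member-only restriction is the one policy that stops the file from landing in G.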


