gnu-arch-users

Re: [Gnu-arch-users] Re: Linus


From: Miles Bader
Subject: Re: [Gnu-arch-users] Re: Linus
Date: Mon, 13 Oct 2003 04:06:42 -0400
User-agent: Mutt/1.3.28i

On Sun, Oct 12, 2003 at 10:56:15PM -0800, Ethan Benson wrote:
> > (2) Is only useful if you have some access-control problem that can't be
> >     solved by changing a file's group-id, which seems true only if you need
> 
> to what? not all sysadmins subscribe to the user-private-group scheme
> many linux distros are so fond of.  there might well not be a group
> which does not have many members.

I have no idea why that's relevant -- I'm thinking of groups like (say, for a
hypothetical shared emacs archive):

   emacs-hackers
   emacs-gurus

All ordinary emacs hackers would belong to the emacs-hackers group.
Only a few (rms plus a backup or two) emacs hackers would belong to both
emacs-hackers and emacs-gurus groups.

The permissions on all emacs-archive files would be rwxrwxr-x.
The permissions on all emacs-archive directories would be rwxrwsr-x.

The userid of all emacs-archive files/directories would be whoever created
them.  The groupid of `ordinary' emacs-archive files/directories would be
`emacs-hackers'; anybody in the emacs-hackers group could modify them.  The
groupid of `special' emacs-archive files/directories (e.g. the official
release branch) would be `emacs-committers'; only the maintainer could modify
them, but anybody can read them.  Having the group sticky bit set on
directories ensures that nested files/directories share the same group.

The umask for sftp access would be (via whatever mechanism) 002.

Using the above scheme, everything seems to work, at the cost of two special
groups for the emacs project -- which doesn't seem a very high price to pay,
and also seems like an extremely natural way to set things up.

No?

-Miles
-- 
Suburbia: where they tear out the trees and then name streets after them.
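
An added example, not part of the original message: a shell audit that checks a shared archive tree against the scheme described above (directories rwxrwsr-x, files group-writable but not world-writable, one expected group), run here on a constructed temporary tree. The function names and the sample paths are hypothetical, and the inheritance of the setgid bit (the `s` in rwxrwsr-x) by new subdirectories assumes Linux semantics.

```shell
#!/bin/sh
# Added example (not from the thread): audit a shared archive tree against the
# permission scheme in the message. Function names and paths are hypothetical.

# audit_tree ROOT GROUP
# Prints one line per entry that deviates; prints nothing if the tree conforms.
audit_tree() {
    root=$1 group=$2
    # Directories must be exactly rwxrwsr-x (2775): setgid set, not world-writable.
    find "$root" -type d ! -perm 2775 | sed 's/^/dir-mode: /'
    # Files must be group-writable and must not be world-writable.
    find "$root" -type f \( ! -perm -020 -o -perm -002 \) | sed 's/^/file-mode: /'
    # Every entry must carry the expected group (name or numeric gid).
    find "$root" \( -type d -o -type f \) ! -group "$group" | sed 's/^/group: /'
}

# build_demo_tree: constructed sample tree, created the way a session with
# umask 002 would create it under a setgid root. Prints the root path.
build_demo_tree() {
    demo=$(mktemp -d) || return 1
    (
        umask 002
        chmod 2775 "$demo"
        mkdir "$demo/emacs" "$demo/emacs/release"   # inherit setgid bit and group
        : > "$demo/emacs/release/patch-1"           # created as rw-rw-r--
    )
    printf '%s\n' "$demo"
}

# gid_of PATH: numeric group id of PATH (4th field of `ls -ldn`).
gid_of() {
    ls -ldn "$1" | awk '{print $4}'
}

# Demo: a conforming tree, then two deviations the audit should report.
tree=$(build_demo_tree)
gid=$(gid_of "$tree")
echo "findings on conforming tree: [$(audit_tree "$tree" "$gid")]"
chmod g-s "$tree/emacs/release"           # setgid lost: new entries stop inheriting the group
chmod 644 "$tree/emacs/release/patch-1"   # as if uploaded with umask 022
audit_tree "$tree" "$gid"
rm -rf "$tree"
```

On a real archive the call would look like `audit_tree /path/to/archive emacs-hackers`, run once per subtree with the group that subtree is supposed to carry.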



