Am 31.12.2011 16:11, schrieb Dave Ihnat: > On Sat, Dec 31, 2011 at 02:31:04PM +0100, Reindl Harald wrote: >> what have "/etc/login.defs" to do with the fact that there is >> simply no need to have a personal group for a user at all? > > You're probably not thinking about multiple users on a relatively secure > system. oh yes i consider I *think*, if I recall correctly, that AT&T System III & V put > everyone in the same group. This is a possible security breach, since any > executable/directory/file that might grant rights to that group would be > open to exploit by anyone in the group yes and no if i need that i do chmod 700 for folders and chmod 600 for files no need to create a group for each user > So, from a security point of view, it makes a lot more sense to assign each > user to their own group, and only let them in shared groups by deliberate > assignment. It doesn't cost anything in terms of resources or performance. froma security point of view abvoe chmod's are making much more sense and if you need finer restrictions you need ACL's where groups for each user does not make sense at all - you need in this case groups for several roles and assing matching ACL's own groups for each user does not make sense at all
Attachment:
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
