Well I agree you can be in as many groups as you like.

But what I meant was that making your primary group the same as the user means you have no granularity of control without adding extra groups. It makes 0700 the same as 0770.

I suppose as groups essentially relax security, giving each user his/her own groups should make a tighter ship but in practice what people do is to give world access when they shouldn't. The proper solution is to add a group of course. Few do this I think.

But my real rant was against the sloppy access controls at installation time which means that the regular user can look at all sorts of system things they shouldn't. I don't know of any automatic hardening procedure that can correct this.

Best wishes

John

John Logsdon                               "Try to make things as simple
Quantex Research Ltd, Manchester UK         as possible but not simpler"
j.logsdon@xxxxxxxxxxxxxxxxxxxx              a.einstein@xxxxxxxxxxxxxx
+44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com

On Tue, 24 May 2005, Les Mikesell wrote:

> On Tue, 2005-05-24 at 04:49, John Logsdon wrote:
>
> > At the user level, RH (? was it them?) started off the fashion of giving
> > every user their own group. So groups become immediately pointless.
>
> How so? The point of groups is that you can be in more than one. How
> does starting out in a group of your own make them pointless? It does
> give a unique entry by default that the administrator can customize for
> each user that wants others to be able to access his files.
>
> --
> Les Mikesell
> lesmikesell@xxxxxxxxx
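The permission arithmetic discussed in this thread, as an added example that is not part of either poster's message: a small model of the classic owner/group/other read check, plus a walker that lists entries with any "other" bit set. The users, groups and membership table are constructed for illustration, and the model ignores root and ACLs.

```python
import os
import stat
import sys

# Constructed sample: three users with private groups, plus one shared group.
USERS = {"alice", "bob", "carol"}
MEMBERS = {
    "alice": {"alice"}, "bob": {"bob"}, "carol": {"carol"},
    "project": {"alice", "bob"},
}

def readers(mode, owner, group, members, users):
    """Return the users granted read access by the mode bits alone.

    Only the first matching class applies: owner, then group, then other.
    """
    allowed = set()
    for user in users:
        if user == owner:
            bit = stat.S_IRUSR
        elif user in members.get(group, set()):
            bit = stat.S_IRGRP
        else:
            bit = stat.S_IROTH
        if mode & bit:
            allowed.add(user)
    return allowed

def world_accessible(root):
    """Yield (path, octal mode) for entries under root with any 'other' bit."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful on Linux
            if st.st_mode & stat.S_IRWXO:
                yield path, oct(stat.S_IMODE(st.st_mode))

if __name__ == "__main__":
    cases = [(0o700, "alice"), (0o770, "alice"), (0o770, "project"), (0o774, "alice")]
    for mode, group in cases:
        who = sorted(readers(mode, "alice", group, MEMBERS, USERS))
        print(f"{mode:04o} owner=alice group={group}: {who}")
    for path, mode in world_accessible(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(mode, path)
```

With a private group, 0700 and 0770 admit the same single user; sharing with one colleague requires either a dedicated group or the "other" bits, and the walker reports the latter.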