[Adduser-devel] Bug#643559: adduser with personal groups should make home directory g+s

Ian Jackson ijackson at chiark.greenend.org.uk
Tue Sep 27 14:27:44 UTC 2011


Package: adduser
Version: 3.112+nmu2

Personal groups are the default on Debian.  The purpose of personal
groups is to allow users to run with a umask of 002 so that they can
sensibly access shared filespace areas whose access is controlled by
group.

This only works if the shared filespace areas remain owned by the
relevant group.  This is best achieved by setting the g+s bit on all
directories which are part of shared filespace areas.  This both
ensures the right ownership of newly created files and directories,
and propagates the g+s bit to subdirectories.

With personal groups, the user's home directory is owned by their
personal group so the g+s bit has no effect in that case, other than
(a) to ensure that all the subdirectories they create are also g+s
(b) to ensure that files they create in their filespace become owned
by their personal group regardless of their process's primary group.

If the user wants to make a shared filespace area, the natural
approach would be:
   chgrp -R shared-group directory

If the directories in question are not g+s, this is not sufficient; a
rune to turn on g+s for the relevant directories is needed.  If the
home directory areas were g+s this would not be necessary.

So in the default (personal groups) configuration, home directories
should be g+s.

Ian.
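
The extra step the report refers to, as an added example that is not part of the original message: after chgrp -R, a pass over the directories turns on g+s, and a subdirectory created afterwards inherits it. The function names and the temporary directory layout are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. All paths are constructed temp dirs.

# List every directory under $1 that does NOT have the setgid bit (02000).
dirs_without_setgid() {
    find "$1" -type d ! -perm -2000
}

# Turn an existing tree into a shared area: the chgrp -R from the report,
# followed by the extra g+s pass needed when the directories are not g+s.
# $2 (group) is optional so the demo runs with a single group membership.
make_shared() {
    if [ -n "${2:-}" ]; then
        chgrp -R "$2" "$1" || return 1
    fi
    find "$1" -type d -exec chmod g+s {} +
}

# Return 0 if a directory created now under $1 comes out g+s, 1 if not.
new_subdir_inherits() {
    probe="$1/.probe.$$"
    mkdir "$probe" || return 2
    if [ -g "$probe" ]; then rc=0; else rc=1; fi
    rmdir "$probe"
    return "$rc"
}

demo() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/project/src/lib"
    chmod g-s "$top/project" "$top/project/src" "$top/project/src/lib"
    echo "dirs lacking g+s before: $(dirs_without_setgid "$top/project" | wc -l)"
    new_subdir_inherits "$top/project/src" || echo "new subdir: not g+s"
    # The caller's own primary group stands in for shared-group here.
    make_shared "$top/project" "$(id -g)"
    echo "dirs lacking g+s after:  $(dirs_without_setgid "$top/project" | wc -l)"
    new_subdir_inherits "$top/project/src" && echo "new subdir: g+s inherited"
    rm -rf "$top"
}

demo
```

For a real shared area, pass the shared group as the second argument to make_shared; a non-root caller must be a member of that group for both chgrp and chmod g+s to take effect.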