[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Devel] homedirectories and umask

To: devel@xxxxxxxxxxxxx
Subject: [Devel] homedirectories and umask
From: Finn-Arne Johansen <faj@xxxxxx>
Date: Sun, 11 May 2003 22:45:39 +0200
Cc: Diskusjonsliste for Skolelinux <linuxiskolen@xxxxxxxxxxxxx>
List-archive: <https://init.linpro.no/pipermail/skolelinux.no/devel/>
List-help: <mailto:devel-request@skolelinux.no?subject=help>
List-id: <devel.skolelinux.no>
List-post: <mailto:devel@skolelinux.no>
List-subscribe: <https://init.linpro.no/mailman/skolelinux.no/listinfo/devel>, <mailto:devel-request@skolelinux.no?subject=subscribe>
List-unsubscribe: <https://init.linpro.no/mailman/skolelinux.no/listinfo/devel>, <mailto:devel-request@skolelinux.no?subject=unsubscribe>
Mail-followup-to: devel@skolelinux.no, Diskusjonsliste for Skolelinux <linuxiskolen@skolelinux.no>
Sender: devel-admin@xxxxxxxxxxxxx
User-agent: Mutt/1.3.28i

Some time ago, we had a discusion about umask and homedirs and
filegroups and permissions. 

As of today, SL-users is logged in with umask 022, which means that
files created is read-write for the owner, and real-only for group and
world. After reading some documentation I agreed wityh what the rest of
developers who raised their voice, that we should use private primary
group, and use chmod 2770 (or 2775) on common directories. 

that means that if we then 
  mkdir /skole/tjener/tutor
  chgrp tutor /skole/tjener/tutor
  chmod 2770 /skole/tjener/tutor
and add all the tutors into the group tutor, the will be able to
read/write into the dirvetory, but students will be denied. 
So far everything is fine.
Now back to the home-directory. It was suggested to set the
home-directories to 0770, but that left us with a small problem. 
Apache was unable to use userdir within the users home-directory. this
is solvable by creating the userdir somewhere elsewhere, but that gives
us more to administer. 
Is it safe enough to set the home directory to 
  chmod 0771?
  should we use separate homedirs? 
  should we disable the userdir and leaving to the schools to decide?

-- 
Finn-Arne Johansen 
faj@xxxxxx
http://bzz.no/?page=finnarne
Registered Linux user #86307 (http://counter.li.org)

Prev by Date: [Devel] New Skolelinux CD image prerelease 38 (pr38)
Next by Date: [Devel] Summer Developer Meeting
Previous by thread: [Devel] New Skolelinux CD image prerelease 38 (pr38)
Next by thread: [Devel] Usefull documentation
Index(es):
- Date
- Thread