Re: setgid - its current use

[Rob Couto]

> I think you need user-private groups and setgid directories.
>
> First of all, ensure that each user has a group of
> their own. Do NOT put all users into a "users" group.
> So user "gami" would be in group "gami", or maybe
> a "gami_group" group if you prefer. Have the home
> directories owned by these groups.
>
> Second, set the umask to allow group write access.
> (this is why you need the user-private groups)
>
> Now suppose you have two users, bill and tom,
> who need to work together on the spamming project.
> Create a group called "spamming". Create a project
> directory /projects/spamming owned by root and
> in the spamming group. Make this directory setgid
> and group writable. Any files created in this
> directory will be owned by the spamming group.
> Due to the umask setting, permissions on these
> new files will allow access by all group members.
> The setgid bit will propagate to any newly created
> directories, but not to newly created files.
>

that must be the fine-grained control _i_ was after!! thank you... and we 
thought mandrake was a little stupid for doing new users that way... neural 
oops 

-- 
Rob Couto [rpc@xxxxxxxxxxxx]
Rules for computing success:
1) Attitude is no substitute for competence.
2) Ease of use is no substitute for power.
3) Safety matters; use a static-free hammer.
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/