[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] User private groups?
Am Montag, 9. Januar 2006 12:55 schrieb Alex Hargrove:
> Suppose you have a directory structure which is shared by a group
> of users. There, for the directories, the group-s-bit is set, making
> sure that anything created there belongs to the same group as the
> directory wherein it's created. Now if something is created there,
> you want the group-write-bit set, so the rest of the group can change
> it. So you set umask to something very open, giving automatical write
> access to the group.
> So far, everything is fine. But, if you are lazy, you leave that
> umask active even when working in other directories.
If you are really lazy *and* want to have a secure solution,
- don't change you umask
- use a default ACL for the directory that sets group write permissions
setfacl -d -m mask:007 /path/to/directory
is all you need. 
 Well, if subdirectories already exist, you have to call setfacl on
"Die Tastatur finden Sie, indem Sie das Kabel verfolgen, das mit einem
5poligen DIN-Stecker an der Rueckseite Ihres Rechners angebracht
ist." aus der CrossPoint Hilfe
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here