public inbox for gentoo-user@lists.gentoo.org
From: Alan McKinnon <alan.mckinnon@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] OT: Filesystem permissions
Date: Sat, 5 Jul 2008 09:56:09 +0200
Message-ID: <200807050956.10179.alan.mckinnon@gmail.com>
In-Reply-To: <20080704202253.5cdefcd4@NOTE_GENTOO64.PHHEIMNETZ>

On Friday 04 July 2008, Florian Philipp wrote:
> Hmm, good point. I will monitor the situation.
> If there are any occurrences of wrong permissions, I think it will be
> sufficient to make an if-clause before setting the umask but maybe it
> proves unnecessary.

I think what you really want in this case is to set the umask to 0007 
for human users and leave it as is for system users. You could either 
check for UID > 1000 in /etc/profile, or explicitly add the umask 
setting to each existing user's .bashrc. Also add it to /etc/skel to 
enable it for any new users in the future.

Which is starting to get more complex than a simple acl :-)

Experience has taught me that these general principles apply to Unix 
permissions pretty much always: 

- the normal /user/group/rwx scheme works just fine 99% of the time
- 1% of the time you have an unusual need that the above doesn't cater 
for, but a simple unobtrusive acl does. These cases are usually 
obvious.
- if you are using acls a lot, there's probably something wrong with 
your permission scheme

-- 
Alan McKinnon
alan dot mckinnon at gmail dot com
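
The per-UID umask check suggested in the message above, as an added example that is not part of the original post: a POSIX sh fragment for /etc/profile that also shows the modes new files and directories get. The function names and `HUMAN_UID_MIN` are assumptions introduced here.

```sh
# Added example (not from the original mail): fragment for /etc/profile.
# HUMAN_UID_MIN and the function names are assumptions made for this example;
# the threshold mirrors the "UID > 1000" test suggested in the message.
HUMAN_UID_MIN=1000

# Print the umask a login with the given UID should get.
# Prints nothing for system accounts so their umask is left as is.
umask_for_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;      # refuse anything that is not a plain number
    esac
    if [ "$1" -gt "$HUMAN_UID_MIN" ]; then
        printf '0007\n'               # group keeps full access, others get none
    fi
}

# What /etc/profile would run at login.
apply_login_umask() {
    new=$(umask_for_uid "$(id -u)") || return 1
    [ -n "$new" ] && umask "$new"
    return 0
}

# Report the modes a new file and directory receive under a given umask.
# Runs in a subshell so the caller's own umask is not changed.
new_modes_under() {
    (
        umask "$1" || exit 1
        d=$(mktemp -d) || exit 1
        : > "$d/file" || exit 1
        mkdir "$d/dir" || exit 1
        f=$(ls -ld "$d/file" | cut -c1-10)
        s=$(ls -ld "$d/dir" | cut -c1-10)
        rm -rf "$d"
        printf '%s %s\n' "$f" "$s"
    )
}

apply_login_umask
echo "umask now $(umask); 0007 gives: $(new_modes_under 0007)"
```

New files are group-writable under 0007, so check which primary group each human user has before enabling this.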