From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] OT: Filesystem permissions
Date: Sat, 5 Jul 2008 09:56:09 +0200

On Friday 04 July 2008, Florian Philipp wrote:

> Hmm, good point. I will monitor the situation.
> If there are any occurrences of wrong permissions, I think it will be
> sufficient to make an if-clause before setting the umask but maybe it
> proves unnecessary.

I think what you really want in this case is to set the umask to 0007
for human users and leave it as is for system users. You could either
check for UID > 1000 in /etc/profile, or explicitly add the umask
setting to each existing user's .bashrc. Also add it to /etc/skel to
enable it for any new users in the future.

Which is starting to get more complex than a simple acl :-)

Experience has taught me that these general principles apply to Unix
permissions pretty much always:

- the normal /user/group/rwx scheme works just fine 99% of the time
- 1% of the time you have an unusual need that the above doesn't cater
  for, but a simple unobtrusive acl does. These cases are usually
  obvious.
- if you are using acl's a lot, there's probably something wrong with
  your permission scheme

-- 
Alan McKinnon
alan dot mckinnon at gmail dot com

-- 
gentoo-user@lists.gentoo.org mailing list
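
Added example, not part of the original message: one way the UID check suggested above could look as an /etc/profile fragment, with a helper that shows which modes new files and directories end up with. The 0007 umask and the UID > 1000 test come from the message; the function names, the 0022 inherited umask and the sample UIDs are assumptions of this example.

```shell
#!/bin/sh
# Added illustration; function names and the demo helper are hypothetical.

HUMAN_UID_MIN=1000   # from the message: human users are those with UID > 1000

# Candidate /etc/profile fragment: umask 0007 for human users,
# inherited umask left untouched for system accounts.
set_login_umask() {
    _uid=${1:-$(id -u)}
    if [ "$_uid" -gt "$HUMAN_UID_MIN" ]; then
        umask 0007
    fi
    unset _uid
}

# Demo: in a subshell, start from an inherited umask ($2), apply the
# fragment for UID $1, then report the modes of a new file and directory.
modes_for_uid() {
    (
        umask "$2"
        set_login_umask "$1"
        d=$(mktemp -d) || exit 1
        : > "$d/file"
        mkdir "$d/dir"
        f_mode=$(ls -ld "$d/file" | cut -c1-10)
        d_mode=$(ls -ld "$d/dir" | cut -c1-10)
        rm -rf "$d"
        printf '%s %s\n' "$f_mode" "$d_mode"
    )
}

# Constructed sample UIDs: a system account, the boundary value, a human user.
for u in 101 1000 1001; do
    printf 'uid %-5s -> %s\n' "$u" "$(modes_for_uid "$u" 0022)"
done
```

UID 1000 stays on the inherited umask because the test is strictly greater-than; compare the threshold with UID_MIN in /etc/login.defs before relying on it.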