Comment 4 for bug 253103
Revision history for this message
| ceg (ceg) wrote Re: users not belonging to users group | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
I agree, there are of course much more fine grained methods than the group of all users. And to be honest when adminstering larger systems the users group is probably not good for much more then giving all users write access to some device, or to files that are served on the net. Now, it's not unlikely that, as you are familiar with things like creating groups and adequate directory hierachies or ACLs, we tend to just go directly to what we know exists.
When we think more like a beginner, as new to the GNU of linux, or how we often get to know things, they may not be aquainted with directory and file permissions etc. at first. But if we asume for a moment we see a directory called /home/share/users with a private subdirectory, where all users of a family computer can put stuff for all to update and modify. (Possibly including <group>/writings and <group>/readings subdirs.) It's foreseeable that finer grained group control might come to mind at some point. But then the answer is allready there, too. The next thoughts are special user groups, how the group direcotries are used is already old news then.
In a sense the users group is the only group that can be set up by default, to work with right away and it serves as a seed. It is already there, usable if not just left empty and visible with a users group directory, for human beings to discover the logic of file permissions.
And its a reasonable answer to the question: I can easily share files around the globe, but how do I share files with my honney who has another account on our ubuntu machine at home?
Though, it is a little addition, using pam_group for this should be rather light on ressources and not make any server without users or really large multi-user setups run less perfect. (And keep /etc/group (or ldap etc.) less cluttered.)
As a modern distribution, oriented towards usability, ubuntu of course used pam from the start, it may just feel like a regression for users were able to use unix file permissions that way for ages.
Without the users group the easiest but not recomendable way is to resort to the bad habit of granting world write access.
There is no risk associated with users belonging to the users group, or is there?
Honestly, I did consider fixing "users not belonging to the users group" a non-issue. Just somthing that has been forgotten at some point of time.
I consider the users group as a feature that can be used but does not have to. But if it is to be used it has to be set up to contain all users, there is no other way around it.