Chapter 5. Users and Groups
User Private Group
Every user has a primary group; the user is the only member of that group.
umask = 002
Traditionally, on UNIX systems the umask is 022, which prevents other users and other members
of a user's primary group from modifying a user's files. Since every user has their own private
group in the UPG scheme, this "group protection" is not needed. A umask of 002 will prevent
users from modifying other users' private files. The umask is set in /etc/profile.
setgid bit on Directories
If you set the setgid bit on a directory (with chmod g+s directory), files created in that
directory will have their group set to the directory's group.
Many IT organizations like to create a group for each major project and then assign people to the
group if they need to access that group's files. Using this traditional scheme, managing files has been
difficult because when someone creates a file, it is associated with the primary group to which they
belong. When a single person works on multiple projects, it is difficult to associate the right files with
the right group. Using the UPG scheme, however, groups are automatically assigned to files created
within a directory with the setgid bit set, which makes managing group projects that share a common
directory very simple.
For example, say you have a big project called devel, with many people editing the devel files in a
devel directory. Make a group called devel, chgrp the devel directory to devel, and add all of
the devel users to the devel group.
You can add a user to a group using User Manager (see the Official Red Hat Linux Customization
Guide), or if you prefer to use the command line, use the /usr/sbin/groupadd groupname
command to create a group. The /usr/bin/gpasswd -a loginname groupname command will
add a user loginname to a group. (See the groupadd and gpasswd man pages if you need more
information on their options.) The /etc/group file contains the group information for your system.
If you created the devel group, added users to the devel group, changed the group for the devel
directory to the devel group, and set the setgid bit for the devel directory, all devel users will be
able to edit the devel files and create new files in the devel directory. The files they create will always
retain their devel group status, so other devel users will always be able to edit them.
If you have multiple projects like devel and users who are working on multiple projects, these users
will never have to change their umask or group when they move from project to project. If set correctly,
the setgid bit on each project's main directory "selects" the proper group for all files created in that
directory.
Since each user's home directory is owned by the user and their private group, it is safe to set the
setgid bit on the home directory. However, by default, files are created with the primary group of the
user, so the setgid bit would be redundant.
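
A umask of 002 is only safe while every user's primary group really has no other members. The script below is an added example, not part of the original guide: it checks passwd-format and group-format files for accounts whose primary group is not private. The function names, the MIN_UID argument and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# upg_violations PASSWD_FILE GROUP_FILE [MIN_UID]
# Prints one line per account (UID >= MIN_UID, default 0) whose primary group
# is not private, i.e. where umask 002 exposes that user's new files to others.
upg_violations() {
    awk -F: -v min_uid="${3:-0}" '
        FNR == NR {                      # first file: name:pw:uid:gid:...
            owners[$4]++
            if ($3 >= min_uid) user_gid[$1] = $4
            next
        }
        { gname[$3] = $1; members[$3] = $4 }   # second file: name:pw:gid:members
        END {
            for (u in user_gid) {
                g = user_gid[u]
                if (!(g in gname)) {
                    print u ": primary gid " g " has no group entry"
                    continue
                }
                if (owners[g] > 1)
                    print u ": primary group " gname[g] " is shared as a primary group"
                n = split(members[g], m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "" && m[i] != u)
                        print u ": group " gname[g] " also lists member " m[i]
            }
        }' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample data (not from a real system).
upg_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol:x:502:100::/home/carol:/bin/bash
dave:x:503:100::/home/dave:/bin/bash
erin:x:504:504::/home/erin:/bin/bash
EOF
    cat > "$tmp/group" <<'EOF'
alice:x:500:
bob:x:501:dave
users:x:100:
devel:x:600:alice,bob
EOF
    upg_violations "$tmp/passwd" "$tmp/group" 500
    rm -rf "$tmp"
}
upg_demo
```

In the sample, alice is not reported even though she belongs to the shared devel project group, because that membership is supplementary and her primary group stays private.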
5.4.1. User Private Group Rationale
Although the User Private Group (UPG) has existed in Red Hat Linux for quite some time, many
people still have questions about it, such as why UPG is necessary. To illustrate its use, consider the
following scenario.
You would like to have a group of people work on a set of files in the /usr/lib/emacs/site-lisp/
directory. You trust a few people to modify the directory but certainly not everyone. So first
create an emacs group:
/usr/sbin/groupadd emacs
In order to associate the contents of the directory with the emacs group, type:





