James Knott wrote:
Fajar Priyanto wrote:
On Wednesday 23 May 2007 14:49, Joachim Schrod wrote:
Phil answered your question how to enable the RH behavior by setting the umask globally.
If you don't want to do this, there is the possibility to use access control lists (ACLs); the default ACL determines the access right of newly created files.
I don't know if the global umask setting is sufficient for you, so I stop here with the explanation; ask, if you need more info.
But note: both methods don't support changing the access rights of files that are created elsewhere, e.g., in a personal directory, and moved to the shared directory. (That's because moving doesn't create a file, it just changes the directory entry. (Reality is even more complex, but hopefully you'll see what I mean.))
Hi Joachim, Do you know where I can set the umask globally in Suse?
However, I don't think setting up the umask globally would be "as safe as" in RH, because Suse doesn't use the concept of UPG (user private group). So, if I set the umask globally, then it means every user can access those files and directory in the "test" directory.
You can create private groups manually, when you create a user. However, I agree that the current SUSE configuration, where anyone can read personal folders is bizarre. It's beyond belief that SUSE would combine a common "users" group with such a default mask.
Yes, you're right. The combination of a default umask of 022 and a generic user group of 'users' is pretty insecure. Is there a bug about this? -- Jonathan Arnold (mailto:jdarnold@buddydog.org) Daemon Dancing in the Dark, an Open OS weblog: http://freebsd.amazingdev.com/blog/ UNIX is user-friendly. It's just a bit picky about who its friends are. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org