On Wed, May 24, 2000 at 09:03:28PM -0800, Ethan Benson wrote: > what kernel are you using? i think your using 2.2.12 which had a bug, > observer 2.2.15: [snip] > changing the owner or group is supposed to remove s[ug]id bits, 2.2.12 > had a bug where this did not occur, it was fixed in 2.2.13. nnorman@canaris:~ $ uname -a Linux canaris 2.2.13 #1 Thu Jan 6 20:42:17 CST 2000 i686 unknown 2.2.12 sucked big time; I never used it in production > > A weak argument to be sure, but it's the only benefit I can see :) > > it turns out to not be a benifit at all. > > fwiw i setup a /usr/local/sbin/adduser.local to remove the sgid bit > and set the home directory to mode 0710 group users. and my global > umask is 027. IMO users should have to make the decision themselves > to make all thier files world readable. On boxes where there are users of unknown trust, I also set the uamsk to 027 and don't use usergroups. On development boxes that are shared among coworkers the umask stays at 002 and usergroups are used. -- Nathan Norman "Eschew Obfuscation" Network Engineer GPG Key ID 1024D/51F98BB7 http://home.midco.net/~nnorman/ Key fingerprint = C5F4 A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7
Attachment:
pgpifADVj0m5y.pgp
Description: PGP signature