Re: NetBSD and User Private Groups (Unique Groups)

[Brett Lymn <blymn%internode.on.net@localhost>]

On Wed, Jan 29, 2020 at 11:29:54AM +0000, Ottavio Caruso wrote:
> 
> I wonder how this can possibly _not_ be useful.
> 

When you have a naming service that does not like multiple objects with
the same name (yas, I am looking at you Active Directory....).  To be
honest I have never done AD integreation with NetBSD, only linux for
$WORK but the tools are the same so I think it highly likely to work.

You get bonus pain points if you are using a NFS v4 filer that is hooked
to the same AD and will return EPERM for any group it doesn't know about
so you if you try "chown usera:usera foobar" you get a "permission
denied".

Of course, these are things most people will  not encounter but you did
ask :)

> On a multi user system, all files are created readable by the group (umask
> 022). If we are all in the same group, anybody can read my newly created
> files (imagine a local password file for alpine or ssl certs for irc, etc).
> It's then left to the user to change umask and/or adjust permissions. Why
> not just make it easier for the user?
> 

They don't have to be - that is a local policy.  For $WORK we used to
default the umask to 077 so people had to make the choice to share.

-- 
Brett Lymn
--
Sent from my NetBSD device.

"We are were wolves",
"You mean werewolves?",
"No we were wolves, now we are something else entirely",
"Oh"