[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fwd: Re: [Gnu-arch-users] unable to acquire revision lock
|
From: |
Robert Anderson |
|
Subject: |
Re: Fwd: Re: [Gnu-arch-users] unable to acquire revision lock |
|
Date: |
22 Nov 2003 18:47:24 -0800 |
On Wed, 2003-11-19 at 18:51, Andrew Suffield wrote:
> On Wed, Nov 19, 2003 at 03:52:20PM -0500, Robert Anderson wrote:
> > >Setting the umask should help though, right?
> >
> > If you're free to do so by default, then sure. I'm not. I think
> > this is not uncommon in any workplace for which security is a
> > priority.
>
> You have an implicit self-contradiction here.
I don't believe so.
> On the one hand, you have security policy which mandates a umask which
> prohibits other group members from writing to files and directories
> you create, presumably in order to stop them from writing to such
> files and directories.
No, I don't. And I didn't say I did.
> On the other hand, you want to allow other group members to write to
> files and directories you create.
Yes, I do.
> This conflict is entirely of your own making.
> Nobody else can help you here. Either your security policy or your desire is
> going to have to
> give.
No. The policy is a default. The only absolutes are wrt world
read/write permissions (which is irrelevant for the current
discussion.) You can wrangle over the precise meaning of "default," but
that would be boring and unnecessary. My umask that I set in login
files has to mask group read/write. It is not against the policy to
chmod g+rwx, nor is it against the policy to change it for some
particular operation and then change it back. There is no
contradiction.
> We have a large pile of proposed solutions when you decide which one.
I really like the uri extension to allow for umask settings. That seems
ideal to me: it solves my problem in particular perfectly.
Bob