Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: Why is 'users' is the default group for new users in openSUSE?

  1. #1

    Default Why is 'users' is the default group for new users in openSUSE?

    I am new to openSUSE. In other Linux distros I've used, new users are assigned to their own group (i.e. user 'joe', group 'joe') by default. To my surprise, when I create new users with my openSUSE 11.4, they are all assigned to the 'users' shared group by default.

    To test this, I created a new user called 'friends'. From my terminal, I can see how the new user files look like:

    joe@linux:~> ls -l /home/friends/
    total 40
    drwxr-xr-x 2 friends users 4096 Sep 3 11:37 bin
    drwxr-xr-x 2 friends users 4096 Sep 3 11:38 Desktop
    drwxr-xr-x 2 friends users 4096 Sep 3 11:38 Documents
    drwxr-xr-x 2 friends users 4096 Sep 3 11:38 Downloads
    drwxr-xr-x 2 friends users 4096 Sep 3 11:38 Music
    drwxr-xr-x 2 friends users 4096 Sep 3 11:38 Pictures
    drwxr-xr-x 2 friends users 4096 Sep 3 11:38 Public
    drwxr-xr-x 2 friends users 4096 Sep 3 11:37 public_html
    drwxr-xr-x 2 friends users 4096 Sep 3 11:38 Templates
    drwxr-xr-x 2 friends users 4096 Sep 3 11:38 Videos

    Does this mean that by default, while I am logged is as user 'joe', I will be able to see and open other users' home files? The scary thing is that I went ahead and logged in as user 'friends' and I was able to access all my personal files in /home/joe. Does this mean that the default openSUSE security allows for all users to share and have access to each others home files?

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,158

    Default Re: Why is 'users' is the default group for new users in openSUSE?

    Why not?

    Distros differ. When they did it all the same, there would be but one distro.
    The whole idea of groups would be futile when every user would have his own group.

    If other users (in the same group or not) can have access (of any of the read/write/execute category) depends on how that user manages his access bits. A user is responsable himself. You can only help him in providing a more strict umask to him by default. Or he can do that himself. And he can (re)set all of the access bit of his own files himself (chmod or file manager).

    It is only a default in both csses and you, as system manager, should implement a policy on which users should go into which groups (finance department and sales department and .....).
    Henk van Velden

  3. #3
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,856
    Blog Entries
    14

    Default Re: Why is 'users' is the default group for new users in openSUSE?

    Quote Originally Posted by JorgePadron View Post
    The scary thing is that I went ahead and logged in as user 'friends' and I was able to access all my personal files in /home/joe. Does this mean that the default openSUSE security allows for all users to share and have access to each others home files?
    No, you're not. You haven't tried the Documents folder...
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  4. #4

    Default Re: Why is 'users' is the default group for new users in openSUSE?

    Quote Originally Posted by hcvv View Post
    Why not?

    Distros differ. When they did it all the same, there would be but one distro.
    The whole idea of groups would be futile when every user would have his own group.

    If other users (in the same group or not) can have access (of any of the read/write/execute category) depends on how that user manages his access bits. A user is responsable himself. You can only help him in providing a more strict umask to him by default. Or he can do that himself. And he can (re)set all of the access bit of his own files himself (chmod or file manager).

    It is only a default in both csses and you, as system manager, should implement a policy on which users should go into which groups (finance department and sales department and .....).
    Henk, clearly each distro is able to implement their own defaults. Just look at the decision Ubuntu made on 11.04 to switch to the UNITY GUI and how their established user base have been abandoning ship by the thousands.

    What caught my attention, as a long time sysadmin, is that this distro's defaults allows for shared home user folders. The other operating systems and Linux distros I've used always create private home folders by default. I fully understand that this is merely a default setting, and that the sysadmin may change it at will, but I'm still puzzled as to why would anybody want shared home folders by default. I would think that non-shared folders, for instance each user in his own user group (i.e. user 'joe', group 'joe'), like it is done in the other Linux distros, would be a more sensible and a more Unix-like secure 'default'.

    JP

  5. #5
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,158

    Default Re: Why is 'users' is the default group for new users in openSUSE?

    Quote Originally Posted by JorgePadron View Post
    I would think that non-shared folders, for instance each user in his own user group (i.e. user 'joe', group 'joe'), like it is done in the other Linux distros, would be a more sensible and a more Unix-like secure 'default'.
    JP
    It wouldn't help much because it seems that the default umask on default created users in openSUSE seems to be 022. This means that files created by the user (and not protected by him) are as readable by everybody as by his group fellows.

    When you think these defaults of he defaults should be different (they are in /etc/default/useradd), for which you have of course valid arguments, file a request at https://features.opensuse.org/

    But it might be easier to change etc/default/useradd yourself.
    Henk van Velden

  6. #6
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,639
    Blog Entries
    3

    Default Re: Why is 'users' is the default group for new users in openSUSE?

    Personally, I like it the way that it is.

    Unix came into existence as a system that encouraged sharing. I want all of my files to be readable by other users, with the exceptions of incoming mail and of files/directories where I explicitly use "chmod" to make them private.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  7. #7
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,856
    Blog Entries
    14

    Default Re: Why is 'users' is the default group for new users in openSUSE?

    When taking a closer look at the screens in Yast's usermanagement, you'll see that you can override the default "755" permissions of a user's homedir. Set them to "700" and you are where you want to be.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,158

    Default Re: Why is 'users' is the default group for new users in openSUSE?

    Quote Originally Posted by Knurpht View Post
    When taking a closer look at the screens in Yast's usermanagement, you'll see that you can override the default "755" permissions of a user's homedir. Set them to "700" and you are where you want to be.
    I also guess (not sure, never tried), that when you change the access bits in /etc/skel, that useradd and YaST will follow that and create likewise.
    Henk van Velden

  9. #9

    Default Re: Why is 'users' is the default group for new users in openSUSE?

    Thank you all for your input and ideas!

    JP

  10. #10
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: Why is 'users' is the default group for new users in openSUSE?

    You have just encountered one of two schools of thought on the default group of users. Remember though that even if joe has his own group joe, he usually doesn't have any permission to add people to his group and needs an admin to do this for him, which makes it a little less useful.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •