On the computers I administer I usually create a new group per user as the default group. This seems to be the default on other distributions but I have not seen an option in YaST to do that other than by manual steps. Did I overlook something? Is there an option via command line?
AFAIK this creation of a group for each user is not supported by default in SUSE tools, so you have to do it manually using groupadd and useradd. I know that some other distros use this other convention. It’s really a toss-up whether all users are put in a single group or each user gets their own group, except there may be an advantage for some corner situations.
You can do it in YaST; add a new group and then add a user to that group or move an existing user to it. But, as ken_yap says, it is not the default in openSUSE. IMHO it is easier to administer sharing among users using the same machine this way because users can decide which folders to share and set the permissions accordingly.
Thank you for the replies. The manual steps to create a new group for each user certainly work and it is a minor hassle to manually create a group before adding a user. I would personally like to have an option in the new user dialog in YaST that would create a group with the user name and set this as a default group. I believe that this is the best configuration option in an environment where in principle data must only be shared on an explicit, contractual basis between users. Such a situation is common in medical research.
I’m puzzled by that reasoning because most research teams consist of more than one person; would it not be better to set up a group for each research team rather than for each member of the research team?
I too am more accustomed to the user private group model that is used in RHEL, etc. It would be nice if it were an option; however, you may be able to automate this by adding the commands to create the private group, etc. and placing them in /usr/sbin/useradd.local, which states:
Here you can add your own stuff, that should be done for every user who
was new created.
When you create a user with useradd, this script will be called
with the login name as parameter. Optional, UID, GID and the HOME
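One way such a hook could look, as an added example that is not part of the original posts or of openSUSE's own script. It relies on the statement above that the login name is passed as the first parameter; the function names and the `GROUP_FILE` and `DRY_RUN` variables are assumptions of this sketch, used so it can be tried without root.

```sh
#!/bin/sh
# Added example: sketch of a /usr/sbin/useradd.local hook that gives a new user
# a private primary group. Per the thread, the login name arrives as $1.
# GROUP_FILE and DRY_RUN are assumptions of this sketch, used for offline testing.
LC_ALL=C; export LC_ALL   # make the a-z ranges below ASCII-only

# Accept only conservative login names, so the value cannot be read as an option.
valid_login() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the group(5) entry named $1, if any (getent also covers LDAP/NIS sources).
lookup_group() {
    if [ -n "${GROUP_FILE:-}" ]; then
        grep "^$1:" "$GROUP_FILE"
    else
        getent group "$1"
    fi
}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

make_private_group() {
    login=$1
    if ! valid_login "$login"; then
        echo "useradd.local: refusing login name '$login'" >&2
        return 1
    fi
    # Never adopt an existing group: it may have members, or be another
    # account's primary group, and the new user's files would be shared with them.
    if [ -n "$(lookup_group "$login")" ]; then
        echo "useradd.local: group '$login' already exists, not changing $login" >&2
        return 1
    fi
    run groupadd "$login" || return 1
    # usermod -g also re-owns home directory files that belonged to the old primary group.
    run usermod -g "$login" "$login"
}

# useradd passes the login name as the first parameter; do nothing without one.
[ "$#" -eq 0 ] || make_private_group "$1"
```

Running it with `DRY_RUN=1` prints the `groupadd` and `usermod` commands instead of executing them.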
The point would be that setting group-readable permission in the umask is a convenient way to control sharing (it is the default on all distributions I am aware of). All project-related files would belong to a specific group, constraining access to these files by group membership. However, if there were a common default group for all users, all non-project-related files would always be visible to all users, which is not the preferred situation in general. This could be circumvented by setting the umask appropriately and manually setting file permissions.
At the end of the day all manual steps can be avoided by the private group for each user. Making a file available for a project then just implies setting group ownership to the project group.
Yes, but project groups can be set up whether or not individuals have their own group of initially one member. The fly in the ointment is that unless arrangements are made to allow users to control which colleagues are in their own group, it still has to go through the sysadmin anyway, so the advantage of an individual group is small. But perhaps it’s what you need and Linux is flexible enough to accommodate that.