-
Type:
Task
-
Status: Open (View Workflow)
-
Priority:
Normal
-
Resolution: Unresolved
-
Component/s: None
-
Labels:
The security model for PFS is a common one:
- All development and installation work is done by individual user accounts
- All user accounts are also in a common group (pfs)
- All work is saved in a shared directory (/software)
A time-tested way to make that work smoothly is:
- Each user has a primary per-user group id.
- All users are additionally in group pfs
- Each user's $HOME has that group id, and is 0755, so that ssh works safely.
- All shared directories (/software and under) are group pfs and g+srwx.
I notice that the LDAP accounts do not have per-user primary groups. Can they be added?