[JNI]

I noticed that in 7B85 my default group is now a group named the same as my user name. Previously the default group was 'staff'. Can anyone else confirm that this is the new default? Maybe I did that somehow.

In general that sounds like a fine idea, I guess. For paranoids like me, I'd rather no one have access to my data by default and give out permissions only as needed. I've changed my umask to be pretty closed. Changing the default group to essentially a private one seems like a nice simple way to control default access. Is that a common practice in Unix administration?

It seems though it may cause some new admin headaches. Now the tables are turned and I have to dole out permissions on anything new I create. I can deal with that, but what about the non-Unix savvy, which are probably the majority. I know I get lots of calls from friends that can't read files because of permissions issues. Now I'm going to have to deal with the differences between Jaguar and Panther. I guess I should consider it 'progress'.

[suthercd]

I can confirm that the group and user name are the same. I figured it might relate to the improvement in the multiple user environment. With rapid user switching, having staff as a common group may have presented more of a security challenge. Unix permissions can make it tricky to define who has right to what and who can do what when there are several users in one group who may not have the same write permissions.

10.3 Server has a lot of improvements and I see the Server/workstation environment as one which Apple is setting up to pursue aggresively.

Craig

[Gavin]

This is how it is in the Linux systems I used.
new user bob is put in group bob

A user can be in more than 1 group so what you see as your group is just your default group. Maybe all users are still members of staff.

Take a look in netinfo manager under groups and see which other groups you are in. Check wheel, staff and admin.

[suthercd]

As a user you are now part of both the user group with your name and you are an admin with prvileges in group staff.

HTH
Craig

[chabig]

and you are an admin with prvileges in group staff.

My Macs have never given admin privileges to member of group staff. That's what the admin group is for.

Chris

[JNI]

Originally posted by Gavin:
This is how it is in the Linux systems I used.
new user bob is put in group bob

A user can be in more than 1 group so what you see as your group is just your default group. Maybe all users are still members of staff.

Take a look in netinfo manager under groups and see which other groups you are in. Check wheel, staff and admin.

I checked using 'groups' on the command line and I am no longer in the 'staff' group. I am still in the admin group, and I seem to be a member of a couple of groups that I don't remember seeing before: 'appserverusr' and 'appserveradm'.

I understand the possible security advantage of users not being part of a common group by default. But now most of my files (created with Jaguar) are part of the staff group, and anything new I create is set to my username group, which I believe is an unknown group in Jaguar (I haven't rebooted into Jaguar to check that, but I'm pretty sure).

I wish Apple would have at least mentioned this change in a Release Note somewhere. It might even be nice to supply a a script that would change all of my Jaguar files. Since I may still go back to Jag occassionally until Panther is deemed solid, I may wind up adding a username group in Jag so that the inconsistencies.

Maybe I'm just anal, but I hate messy stuff like this. I can take care of it all for myself, but as I mentioned originally, this seems like potential confusion and headaches for novices. I can barely explain chmod to others, let alone chgrp.

[Mithras]

Originally posted by JNI:
I wish Apple would have at least mentioned this change in a Release Note somewhere.

Gee, maybe they will when the OS is released.

[JNI]

Gee, maybe they will when the OS is released

I guess we can now give up on that wishful thinking...