Red Hat and Fedora distributions of Linux create a separate user group for each user on the system. To someone coming from another distribution, such as SUSE (which puts all users in the group “users” by default), this may seem bizarre — but there’s a good reason for this often-ignored feature.
The User Private Group (UPG) scheme is a very simple administrative policy that makes it easy to create directories for collaboration:
1. Create a new group for the collaborative project:
# groupadd party-planners
2. Add the collaborators to that group:
# gpasswd -a chris party-planners
Adding user chris to group party-planners
# gpasswd -a diane party-planners
Adding user diane to group party-planners
3. Create a directory for collaboration, set the group owner to the new group, and set the SGID bit:
$ mkdir /tmp/christmas-party
$ chgrp party-planners /tmp/christmas-party
$ chmod g+s /tmp/christmas-party
$ ls -ld /tmp/christmas-party
drwxr-sr-x 2 chris party-planners 4096 Sep 29 09:15 /tmp/christmas-party
Any files created by group members within that directory will automatically be owned by the group, and will be editable by anyone in the group.
What does this have to do with UPG?
UPG sets the default umask to 0002 so that group users can write to files. This would be undesirable and dangerous if everyone belonged to one group (like the “users” group in SUSE) — but when each user is in their own group, the additional group permission is moot until you write into an SGID directory.
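To check that a shared directory behaves as described, the following audit script is an added example, not part of the original article. The helper names `audit_shared_dir` and `make_sample` are hypothetical, and the sample tree is constructed under a temporary path. It flags a missing SGID bit, a directory that group members cannot write to, and files created under a non-UPG umask such as 0022.

```shell
#!/bin/sh
# Added example; audit_shared_dir and make_sample are hypothetical helpers.

# Print one finding per line for a shared directory tree; no output = clean.
audit_shared_dir() {
    dir=$1
    # Numeric gid that owns the directory (field 4 of `ls -ldn`).
    gid=$(ls -ldn "$dir" | awk '{print $4}')
    # Without SGID, new files land in each creator's private group.
    [ -g "$dir" ] || echo "NO-SGID $dir"
    # Members need group write on the directory itself to create files.
    [ -n "$(find "$dir" -prune -perm -020)" ] || echo "DIR-NOT-GROUP-WRITABLE $dir"
    # Entries moved in from elsewhere keep their original group.
    find "$dir" ! -group "$gid" -exec echo "WRONG-GROUP" {} \;
    # Files written under umask 0022 are read-only for collaborators.
    find "$dir" -type f ! -perm -020 -exec echo "NOT-GROUP-WRITABLE" {} \;
    # World-writable entries defeat the point of a group-scoped directory.
    find "$dir" ! -type l -perm -002 -exec echo "WORLD-WRITABLE" {} \;
}

# Constructed sample: an SGID directory holding one file created under the
# UPG umask (0002) and one created under the traditional umask (0022).
make_sample() {
    d=$(mktemp -d)
    chmod 2775 "$d"
    ( umask 0002; : > "$d/guest-list.txt" )
    ( umask 0022; : > "$d/budget.txt" )
    echo "$d"
}

sample=$(make_sample)
audit_shared_dir "$sample"   # reports only budget.txt
rm -rf "$sample"
```
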
Tip: Tired of administering groups? Use the -A option of gpasswd to delegate group administration to a non-superuser.