~~NOTOC~~

====== User Private Groups ======

The EECS Department IT Staff has implemented User Private Groups (UPGs) for all EECS Linux accounts. Please see below for more information on how this affects you.

===== What are User Private Groups? =====

Every Linux user/login has an associated “default” or primary Linux group. Traditionally, at EECS, this has been a group name like “faculty” or “graduate” signifying the primary affiliation of that user account. Some of these groups have dozens or hundreds of members. When a new file is created by a user, the group ownership of that file defaults to the user’s primary group, e.g.:\\
\\
''-rwxr-x---. 1 jjsmith1 faculty 2358 Mar 25 2015 myNewFile''\\
\\
In a UPG scheme, every user has an associated, unique group with the same name as the user. Only that specific user is a member of the group. New files are created with group ownership set to this “private” group, e.g.:\\
\\
''-rwxr-x---. 1 jjsmith1 jjsmith1 2358 Mar 25 2015 myNewFile''\\
\\

===== Why is EECS Moving to User Private Groups? =====

The main reason for using UPGs is to increase internal system security.

  - Having large catch-all groups significantly increases the risk that users accidentally give others access to private files. New files are automatically created with the user's primary group "owning" them. If a file is group-readable or group-writable (e.g. through an overly permissive [[wp>umask]] setting), then that file may be accessible to many unauthorized users. In an academic environment, this can be an open invitation to cheating.
  - By having a default group with only the user as a member, users have to make a conscious choice to change the group ownership of a file. Intentional [[file-storage#sharing-files|sharing of files]] should be limited to designated research or project-related storage directories.
  - Most Linux vendors, including Red Hat, switched to UPGs a number of years ago. UPGs are the industry standard for default group assignment.
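The check below is an added example, not EECS tooling: it lists files that belong to one of the catch-all groups named on this page and are group-readable or group-writable, which is the exposure described above. The function names ''audit_group_exposure'' and ''demo'' are hypothetical, and the demo tree is constructed, with the caller's own primary GID standing in for a catch-all group.

```shell
#!/bin/sh
# Added example, not EECS tooling. Reports files that belong to a large
# catch-all group and carry group read or write permission.

# Catch-all groups named on this page.
CATCHALL_GROUPS="faculty undrgrad graduate guest"

# audit_group_exposure DIR [GROUP...]
# Prints the path of every file or directory under DIR whose group is one of
# GROUP (name or numeric GID; default: $CATCHALL_GROUPS) and whose mode has
# the group-read (040) or group-write (020) bit set.
audit_group_exposure() {
    dir=$1
    shift
    # Unquoted on purpose: split the default list into one argument per group.
    [ "$#" -gt 0 ] || set -- $CATCHALL_GROUPS
    for g in "$@"; do
        # find(1) aborts on an unknown group name, so skip names that do not
        # resolve on this host; numeric GIDs are passed through unchanged.
        case $g in
            *[!0-9]*) getent group "$g" >/dev/null 2>&1 || continue ;;
        esac
        find "$dir" -group "$g" \( -perm -040 -o -perm -020 \) -print
    done
    return 0
}

# demo: constructed sample tree. The caller's own primary GID stands in for a
# catch-all group so the check runs on any host without special groups.
# mktemp -d creates the directory with mode 0700, so only files are reported.
demo() {
    tmp=$(mktemp -d) || return 1
    ( umask 027; : > "$tmp/group_readable.txt" )   # created as 0640
    ( umask 077; : > "$tmp/private.txt" )          # created as 0600
    audit_group_exposure "$tmp" "$(id -g)"
    rm -rf "$tmp"
}
```

Run ''audit_group_exposure "$HOME"'' to check a home area against the default group list; ''demo'' prints only the file created under the permissive umask.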

For more information about why UPGs are more secure than large, catch-all groups, please see:

  * [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-users-groups-private-groups|Red Hat Enterprise Linux User Private Groups (default since RHEL 5)]]
  * [[https://security.ias.edu/how-and-why-user-private-groups-unix|Institute of Advanced Study UPG Explanation]]

===== How Does This Affect My Account? =====

Any files in your EECS Linux home area and in ''/research'' or ''/storage'' directories with group ownership of your //old// EECS default group (e.g. faculty or graduate, etc.) will be changed to your //new// User Private Group. Files owned by other groups (e.g. project-related groups) will not be affected.

The catch-all groups (faculty, undrgrad, graduate, guest) will be retired after this switchover.

===== How Do I Share Files With Others? =====

Have a look at [[file-storage|EECS Linux File Storage]] for information on how to share files with others.