id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc 274,Enhanced run_email2trac to support supplementary groups,Dennis McRitchie ,bas,"Hi Bas, We are now using a more secure approach to group ownership and file permissions that supports 1) webserver r/w access, 2) r/w access by selected users who are logged in via ssh, and 3) no other r/w access. The idea is to create a supplementary group whose only members are the webserver user, and the selected ssh users. World access is then removed from all dual-access files (i.e., files writable via webserver and ssh). Thus, with a umask of 007 and the gid bit set, all created dual-access files are group-writable by users belonging to the special supplementary group, and to no one else. Currently, besides the uid, run_email2trac sets only the gid associated with the trac user. This patch will cause it to also set the supplementary groups associated with the trac user, thus supporting a ""best practices"" approach to dual-access. Let me know if you have any questions. Dennis McRitchie ",enhancement,closed,major,Release 2.4.5,email2trac,2.4.2,fixed,,