Comment by brookst
12 hours ago
And when you want to share some but not all files with that one user but not other users you created for similar purposes?
And when you want the outputs of that user back to your main user?
And when you want that user to access some shared credentials for external services, but not all?
It’s not the account setup that’s hard, it’s the workflow of spreading a single real-world across multiple accounts.
All of those use cases are very easy to facilitate using filesystem permissions and groups.
And you set up these permissions and groups for each individual task to be done? Do you tear them down after the task? Or maintain a lot of them for “LLM helps with house renovation” versus “LLM helps plan travel”?
I would if necessary but then again I’m not the one claiming it can’t be done am I? All the examples you gave would require just one llm group and one directory readable and writeable by the user and the llm group (and possibly making the directory setgid the llm group so files in that directory are group owned by the llm group by default). You don’t need a new group for every task just for every logical access role you need. And if you need something more granular than that then there are filesystem acls but I am yet (in 30 years of using unix) to come across a situation that genuinely required them as opposed to being doable just using groups.
1 reply →
That’s what user groups are for.
None of what you described is hard either. Tediously prone to mistakes due to complexity or lack of attention to detail? Sure. But you do that once or twice and suddenly it really doesn’t seem all that hard. I’m with you on “annoying” though!
> And when you want to share some but not all files with that one user but not other users you created for similar purposes?
Can't ACLs (Access Control Lists) handle at least some of that?