Russ Allbery writes ("Bug#484841: Should /usr/local be writable by group staff?"):
> The dispute is over the following text in Debian Policy:
>
> The `/usr/local' directory itself and all the subdirectories created
> by the package should (by default) have permissions 2775
> (group-writable and set-group-id) and be owned by `root.staff'.
>
> The proposed change is to state instead that the /usr/local directory
> itself and all the subdirectories created by the package should (by
> default) have permissions 755 and be owned by root:root.

I wrote that text and I stand by it.

The purpose is so that, if you are an administrator who wants /usr/local to be writeable by some set of users, you have an easy way of achieving that. If you don't want that, don't put non-root-equivalent users in the group.

If you do want it then you _need_ the currently mandated behaviour, because there's no other way to make sure that new directories in /usr/local get the right permissions.

This is no different to any other (potentially) shared filespace. We do the same thing with users' filespaces and their personal groups. Is it a bug that if someone else is put in the user's group, they can write all of the user's files and take over their account? No! It's a feature. If you don't want that, don't do that then.

Ian.
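
The setgid-directory mechanism the message relies on can be checked on a real tree. The following audit script is an added example, not part of the original message or of Debian Policy; the labels `shared`, `broken` and `closed`, the function names and the sample tree are assumptions of the example, and Linux directory semantics are assumed.

```shell
#!/bin/sh
# Added example (not from the original message). Linux semantics assumed.
# The labels shared/broken/closed are this example's own names.

# classify_dir DIR: print how DIR relates to the two schemes in the thread.
#   shared  group-writable and setgid (2775): new entries inherit the group,
#           and new subdirectories inherit the setgid bit as well
#   broken  group-writable without setgid: new entries get the creator's
#           current group, so the shared-group chain stops here
#   closed  not group-writable (the proposed 755 scheme)
classify_dir() {
    if [ -n "$(find "$1" -prune -type d -perm -2020)" ]; then
        echo shared
    elif [ -n "$(find "$1" -prune -type d -perm -0020)" ]; then
        echo broken
    else
        echo closed
    fi
}

# audit_tree ROOT: one "<class> <path>" line per directory under ROOT.
# Paths containing newlines are not handled.
audit_tree() {
    find "$1" -type d | while IFS= read -r d; do
        printf '%s %s\n' "$(classify_dir "$d")" "$d"
    done
}

# make_sample: build a constructed tree in a temp dir and print its path.
make_sample() {
    t=$(mktemp -d) || return 1
    (
        umask 002
        mkdir "$t/shared" "$t/broken" "$t/closed"
        chmod 2775 "$t/shared"
        # g-s is explicit: GNU chmod keeps a directory's setgid bit otherwise
        chmod u=rwx,g=rwx,o=rx,g-s "$t/broken"
        chmod u=rwx,g=rx,o=rx,g-s "$t/closed"
        # Created after the modes were set, as a package or user would
        mkdir "$t/shared/newpkg" "$t/broken/newpkg"
    )
    echo "$t"
}

# Usage: sh audit.sh /usr/local
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Pair the output with `getent group staff` to see who can actually write to the directories reported as `shared` or `broken`.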