From what I can tell, we need to do at least one of the following: 1) Make it more obvious that adding people to the staff group is rougly equivalent to giving them root access by fixing the description of the group in base-passwd, and possibly having base-passwd warn if there are users in the staff group (?).
2) Make /usr/local and subdirectories root:root 0755 by default instead. (Probably also do #1) 3) Make subdirectories of /usr/local are 2775 root:staff if /usr/local is that way by default, otherwise they are 0755. New installs have /usr/local root:root 0755. Suggest switching /usr/local to root:root 0755 once if there is no-one in the staff group on upgrades. I'm personally leaning towards doing #2 and #1 too, but if there is still a sufficient use case for having /usr/local root:staff, then maybe #3 and #1 is a better option. Is there a use case for having people in the group staff with /usr/local g+w that isn't better solved using sudo to provide similar access? [I've never had people in the staff group, so I don't know what people were using it for historically.] Don Armstrong -- We must realize that today's Establishment is the New George III. Whether it will continue to adhere to his tactics, we do not know. If it does, the redress, honored in tradition, is also revolution. -- William O. Douglas _Points of Rebellion_ http://www.donarmstrong.com http://rzlab.ucr.edu -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org