Bug#484841: Should /usr/local be writable by group staff?
Russ Allbery writes ("Bug#484841: Should /usr/local be writable by group staff?"):
> The dispute is over the following text in Debian Policy:
>
> The `/usr/local' directory itself and all the subdirectories created
> by the package should (by default) have permissions 2775
> (group-writable and set-group-id) and be owned by `root.staff'.
>
> The proposed change is to state instead that the /usr/local directory
> itself and all the subdirectories created by the package should (by
> default) have permissions 755 and be owned by root:root.
I wrote that text and I stand by it. The purpose is so that, if you
are an administrator who wants /usr/local to be writeable by some set
of users, you have an easy way of achieving that.
If you don't want that, don't put non-root-equivalent users in the
group. If you do want it then you _need_ the currently mandated
behaviour, because there's no other way to make sure that new
directories in /usr/local get the right permissions.
This is no different to any other (potentially) shared filespace. We
do the same thing with users' filespaces and their personal groups. Is
it a bug that if someone else is put in the user's group, they can
write all of the user's files and take over their account? No! It's
a feature. If you don't want that, don't do that then.
Ian.
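The mechanism Ian is relying on, and its limits, can be seen in the following shell session. It is an added example, not part of the bug report or of Debian's own packaging tools; it uses a temporary directory in place of /usr/local, assumes GNU coreutils (stat, install), and checks subdirectories against the parent's group rather than staff because an unprivileged process cannot chgrp to staff.

```shell
#!/bin/sh
# Added example, not from the bug report: a 2775 setgid directory standing
# in for /usr/local, showing what the setgid bit does and does not guarantee
# for subdirectories created inside it. Assumes GNU stat/install (Debian).

mode_of()  { stat -c '%a' "$1"; }   # octal mode, e.g. 2775
group_of() { stat -c '%G' "$1"; }   # group name

# Stand-in for /usr/local with the mode the Policy text specifies.
# (Unprivileged, so it keeps our own group instead of staff.)
make_local() {
  d=$(mktemp -d)
  chmod 2775 "$d"
  printf '%s\n' "$d"
}

# Create a subdirectory the way an arbitrary process would: plain mkdir
# under the given umask. Prints the resulting mode.
# The setgid bit and the group are inherited from the parent, but the
# write bits come from the umask, so 022 yields 2755, not 2775.
create_sub() {  # parent name umask
  ( umask "$3" && mkdir "$1/$2" )
  mode_of "$1/$2"
}

# Create a subdirectory the way a package should: mode set explicitly,
# independent of umask. A root process would add -g staff here.
create_sub_policy() {  # parent name
  install -d -m 2775 "$1/$2"
  mode_of "$1/$2"
}

# Audit: print every directory under $1 that is not 2775 or whose group
# is not $2, one "path mode group" line each. Empty output means clean.
audit_tree() {  # root group
  find "$1" -type d | while read -r p; do
    m=$(mode_of "$p")
    g=$(group_of "$p")
    if [ "$m" != 2775 ] || [ "$g" != "$2" ]; then
      printf '%s %s %s\n' "$p" "$m" "$g"
    fi
  done
}
```

The setgid bit makes the group follow the parent, which is the part Ian says cannot be achieved any other way; the audit shows that the group-write bit is a separate matter and is only assured when the creating package sets 2775 explicitly.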