[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#484841: staff group root equivalence

On Wed, 11 Mar 2009, Ian Jackson wrote:
> A user who is in group staff can avoid becoming root to edit things
> in /usr/local, thus limiting the damage they can do by mistake. One
> big example for this is `make install'.

It's probably not advisable to run 'make install' as any privileged
(or potentially privileged) user at all.

> Obviously the best answer to how to provide some set of processes
> (including all the processes of certain users) with the ability to
> write to /usr/local is to make /usr/local owned by some group and
> mode g+rw (directories g+rwsx).
> 
> Perhaps the choice of the name `staff' for this group was a mistake.

If we can make the default group name slightly more self-documenting,
that'd be ideal. Something like 'localroot' or similar would clue
people in that the group isn't something that you'd randomly stick
people in.

> What _is_ important is that the existing installations aren't
> broken

Right. No matter what we choose to do, we need to make sure that
existing installs which knowingly utilize root:staff can continue to
do so. [It may be reasonable to warn once after adopting a new
convention if someone has users in a group that is g+w on directories
in root's default path, but we can probably leave that up to the
base-passwd maintainers to decide.]
 
> So I would suggest that documenting the situation would probably be
> best. After all anyone who puts users in a system group ought to
> have some care about what they're granting access to.

I think we're all in agreement now that at least documenting is
required.
 
> If change is felt to be essential then I think the only option is to
> require packages to create directories in /usr/local with `mkdir -p
> -m2755' (or something like it). If we do that then those directories
> will naturally inherit the permissions from their parents, so that
> the local configuration will be sticky.

I think something along these lines may be ideal (2775?). [The exact
mechanism of implementing this isn't that important to me.]


Don Armstrong

-- 
a friend will help you move
a best friend will help you move bodies
but if you have to move your best friend's body
you're on your own
 -- a softer world #242
    http://www.asofterworld.com/index.php?id=242

http://www.donarmstrong.com              http://rzlab.ucr.edu
Reply to: