[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#484841: staff group root equivalence

* Russ Allbery (rra@debian.org) [090706 23:55]:
> Andreas Barth <aba@not.so.argh.org> writes:
> > Anyways, I think we should do the basic decision whether we want to
> > /usr/local to be writeable by staff or not soon, and then try how to
> > best do a transition.
> 
> I would prefer to drop the writeability of /usr/local by staff
> personally.  I don't think it serves much useful purpose these days
> given the existence of tools like sudo, and where it does, I think we
> can work out a transition plan that will make it relatively easy for
> sites to recreate the concept.

I agree.

I think we shouldn't decide about the details of the transition plan,
but just about the plain fact.


For this reason, I intend to propose the following options:

1. Keep /usr/local writeable by group staff (i.e. leave things as they
are).

2. Decide to change the default so that /usr/local is not writeable by
group staff anymore. This change should only be implemented after an
appropriate transition plan exists, so that system administrators can
keep that functionality. (Reasons for the change are the adaption of
other tools like sudo on most sites, and the concept of "least
surprise" for novice users.)

3. Further discussion.


Comments?



Cheers,
Andi
Reply to: