Bug#484841: staff group root equivalence

[Don Armstrong <don@debian.org>]

From what I can tell, we need to do at least one of the following:

1) Make it more obvious that adding people to the staff group is
rougly equivalent to giving them root access by fixing the description
of the group in base-passwd, and possibly having base-passwd warn if
there are users in the staff group (?).

2) Make /usr/local and subdirectories root:root 0755 by default
instead. (Probably also do #1)

3) Make subdirectories of /usr/local are 2775 root:staff if /usr/local
is that way by default, otherwise they are 0755. New installs have
/usr/local root:root 0755. Suggest switching /usr/local to root:root
0755 once if there is no-one in the staff group on upgrades.

I'm personally leaning towards doing #2 and #1 too, but if there is
still a sufficient use case for having /usr/local root:staff, then
maybe #3 and #1 is a better option.

Is there a use case for having people in the group staff with
/usr/local g+w that isn't better solved using sudo to provide similar
access? [I've never had people in the staff group, so I don't know
what people were using it for historically.]


Don Armstrong

-- 
We must realize that today's Establishment is the New George III.
Whether it will continue to adhere to his tactics, we do not know. If
it does, the redress, honored in tradition, is also revolution.
 -- William O. Douglas _Points of Rebellion_

http://www.donarmstrong.com              http://rzlab.ucr.edu