Giacomo A. Catenazzi wrote:
> Simon McVittie wrote:
> > ... so in practice, staff is root-equivalent, but in principle it's
> > not meant to be. (Yay.)
>
> It depends on the definition of "equivalent".
>
> Anyway "staff" is a protection against user (aka admin) *errors*,
> not against *malicious* admins.

I expect group staff to have write access to /usr/local so that './configure && make && make install' can install software in /usr/local but bad software that tries to write to /etc/ will be prevented by filesystem permissions. It is there to create a safety net. I use that feature personally even though I have superuser access because I am less likely to make a costly mistake.

Also in practice this means that I can assign someone to the staff group and they can be quite well enabled to do things but not ultimately enabled to break things. Sure they can try a social engineering attack against root to break in but I try to avoid working with such antisocial people.

The 'staff' group is a useful shade of grey that lives between the black and the white. I think it would be bad to overload the 'staff' group for other meanings.

Bob

P.S. I wish other distros would pick up the 'staff' model. It is one of the things I sometimes set up myself when working on other systems that don't have it.
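An added example, not part of the original message or of any Debian tooling: a Python audit that reports which directories on a given PATH are writable by a given group, which is the check that shows how far the filesystem-permission safety net described above actually reaches. The function names, the temporary directory layout and the use of the demo directory's own group as a stand-in for 'staff' are assumptions made for the demo.

```python
import os
import stat
import tempfile


def group_writable_dirs(paths, gid):
    """Return the directories in `paths` owned by group `gid` with group write set."""
    hits = []
    for p in paths:
        try:
            st = os.stat(p)
        except OSError:
            continue  # PATH entries that do not exist are common; skip them
        if stat.S_ISDIR(st.st_mode) and st.st_gid == gid and st.st_mode & stat.S_IWGRP:
            hits.append(p)
    return hits


def audit(path_value, gid):
    """Split a colon-separated PATH into entries the group can and cannot write."""
    entries = [e for e in path_value.split(":") if e]
    writable = group_writable_dirs(entries, gid)
    protected = [e for e in entries if e not in writable]
    return {"writable": writable, "protected": protected}


def demo():
    # Constructed layout: a temporary tree standing in for /usr/local/bin,
    # /usr/bin and /etc. Nothing on the real system is read or changed.
    base = tempfile.mkdtemp()
    local_bin = os.path.join(base, "usr", "local", "bin")
    usr_bin = os.path.join(base, "usr", "bin")
    etc = os.path.join(base, "etc")
    for d, mode in ((local_bin, 0o775), (usr_bin, 0o755), (etc, 0o755)):
        os.makedirs(d)
        os.chmod(d, mode)  # explicit chmod so the umask does not matter
    # Assumption: the group that owns the demo tree plays the role of 'staff'.
    gid = os.stat(local_bin).st_gid
    report = audit(local_bin + ":" + usr_bin, gid)
    etc_writable = bool(group_writable_dirs([etc], gid))
    return report, etc_writable, local_bin, usr_bin


if __name__ == "__main__":
    report, etc_writable, _, _ = demo()
    print("group-writable PATH entries:", report["writable"])
    print("protected PATH entries:", report["protected"])
    print("etc writable by group:", etc_writable)
```

On a real host, pass root's PATH and the numeric gid of 'staff' (for example from `grp.getgrnam`) to `audit` to see which entries members of that group could modify.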