Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local

To: Josh Triplett <josh@joshtriplett.org>
Cc: 954021@bugs.debian.org
Subject: Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local
From: Felix Lechner <felix.lechner@lease-up.com>
Date: Sun, 15 Mar 2020 15:28:41 -0700
Message-id: <[🔎] CAFHYt54obhgf-inE8sfgSdRL1FfU-x5B4HpopfSFap59-NcKbg@mail.gmail.com>
Reply-to: Felix Lechner <felix.lechner@lease-up.com>, 954021@bugs.debian.org
In-reply-to: <[🔎] 158430326915.14374.5520785551774857533.reportbug@s>
References: <[🔎] 158430326915.14374.5520785551774857533.reportbug@s> <[🔎] 158430326915.14374.5520785551774857533.reportbug@s>

Hi Josh,

On Sun, Mar 15, 2020 at 1:18 PM Josh Triplett <josh@joshtriplett.org> wrote:
>
> Policy version 4.1.4, in April 2018, states that /usr/local and subdirectories
> should only have group "staff" if /etc/staff-group-for-usr-local exists,
> and otherwise they should have group "root". Many packages still
> unconditionally chown directories to root:staff, or chmod directories to
> 2755.

What is an acceptable way to identify such scripts? Would it be a
successful 'grep root[:.]staff', followed by an unsuccessful 'grep
staff-group-for-usr-local'?

Kind regards,
Felix Lechner

Reply to:

Follow-Ups:
- Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local
  - From: "Chris Lamb" <lamby@debian.org>
- Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local
  - From: Josh Triplett <josh@joshtriplett.org>

References:
- Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local
  - From: Josh Triplett <josh@joshtriplett.org>

Prev by Date: Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local
Next by Date: Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local
Previous by thread: Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local
Next by thread: Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local
Index(es):
- Date
- Thread