
Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local



On Mon, 16 Mar 2020 07:14:41 -0700 Felix Lechner <felix.lechner@lease-up.com> wrote:
> On Sun, Mar 15, 2020 at 1:18 PM Josh Triplett <josh@joshtriplett.org> wrote:
> >
> > Many packages still
> > unconditionally chown directories to root:staff, or chmod directories to
> > 2755.
> 
> What is the issue with setting the group id, please?

There's a long discussion and rationale in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484841 , and an even
longer discussion leading to a policy change in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=299007 .

Short version: the "staff" group is root-equivalent. See
https://www.debian.org/doc/debian-policy/ch-opersys.html#site-specific-programs
, which says:
> If /etc/staff-group-for-usr-local does not exist, /usr/local and all
> subdirectories created by packages should have permissions 0755 and be
> owned by root:root. If /etc/staff-group-for-usr-local exists,
> /usr/local and subdirectories should have permissions 2775
> (group-writable and set-group-id) and be owned by root:staff.

On Mon, 16 Mar 2020 07:14:41 -0700 Felix Lechner <felix.lechner@lease-up.com> wrote:
> Isn't it a common paradigm for daemons?

Not sure what you mean by this.
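
The check this bug asks lintian for, as an added example written for this page (it is not code from the bug report, from lintian or from any Debian package): it flags a maintainer script that uses the staff group or mode 2775 without ever testing for /etc/staff-group-for-usr-local, and the two sample postinst scripts are constructed here to exercise it.

```shell
#!/bin/sh
# Added example; not code from the bug report, from lintian or from any Debian
# package. It shows a lintian-style check of the kind Bug#954021 asks for:
# flag a maintainer script that uses the staff group or mode 2775 without ever
# consulting /etc/staff-group-for-usr-local, as the Policy text above requires.
# The two sample scripts below are constructed only to exercise the check.
set -eu

# Return 0 (flag) when $1 mentions the staff group (as in root:staff or
# "chgrp staff") or mode 2775 but never tests for staff-group-for-usr-local;
# return 1 when it is clean or performs the required check.
uses_staff_unconditionally() {
    grep -Eq '(:|[[:space:]])staff([[:space:]]|$)|(^|[^0-9])2775([^0-9]|$)' "$1" \
        || return 1
    ! grep -q 'staff-group-for-usr-local' "$1"
}

# Print the names of flagged maintainer scripts in directory $1, one per line.
scan_maintainer_scripts() {
    for f in "$1"/*.postinst; do
        uses_staff_unconditionally "$f" && echo "${f##*/}: unconditional root:staff or 2775"
    done
    return 0
}

# Constructed samples: one non-compliant script, one that follows Policy.
write_samples() {
    cat > "$1/bad.postinst" <<'EOF'
#!/bin/sh
mkdir -p /usr/local/lib/example
chown root:staff /usr/local/lib/example
chmod 2775 /usr/local/lib/example
EOF
    cat > "$1/good.postinst" <<'EOF'
#!/bin/sh
mkdir -p /usr/local/lib/example
if [ -e /etc/staff-group-for-usr-local ]; then
    chown root:staff /usr/local/lib/example && chmod 2775 /usr/local/lib/example
else
    chown root:root /usr/local/lib/example && chmod 0755 /usr/local/lib/example
fi
EOF
}

# Demonstration run on the constructed samples: sh check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d); write_samples "$tmp"; scan_maintainer_scripts "$tmp"; rm -rf "$tmp"
fi
```

Running it with --demo reports only bad.postinst; good.postinst mentions root:staff and 2775 but inside the staff-group-for-usr-local test, so it is not flagged.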


Reply to: