
Re: Preparing Debian for using capabilities: file ownership.



Nicolás Lichtmaier wrote:
>  It should be:
> 
> -rwxr-xr-x    1 bin      bin         42300 jul 29 13:26 /bin/ls*
> 
>  That's because root will be just another user, with its set of
> capabilities, and you may like to prevent him from altering system files.
>  As this is a major change, we'd better start now. This will also help
> people who want to implement a capabilities setup before we do...
> 
>  Do you like this? Do I send a "formal proposal"?

Using an existing group like bin could cause problems. It's possible
systems exist that have users in the bin group and don't expect them to
suddenly be able to edit every file on the system. (What is the bin
group used for now, anyway? Only 3 files on my system are owned by it.) We
should probably make a new group if we do this.

-- 
see shy jo
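
The membership concern raised in the reply above can be checked before any group is reused. This is an added example, not part of the original thread: the function name `group_members`, the default paths `/etc/group` and `/etc/passwd`, and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# List every account that belongs to a group, whether through the
# supplementary member list in the group file or through the primary
# GID field in the passwd file (the second case is easy to overlook).
# Usage: group_members GROUP [GROUP_FILE] [PASSWD_FILE]
group_members() (
    grp=$1
    group_file=${2:-/etc/group}
    passwd_file=${3:-/etc/passwd}
    # Numeric GID of the group; fail if the group does not exist.
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || exit 1   # exits only this function's subshell
    {
        # Supplementary members: comma-separated 4th field of the group entry.
        awk -F: -v g="$grp" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Primary members: passwd entries whose GID field matches.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
)

# Constructed sample data (not taken from any real system).
sample_dir=$(mktemp -d)
cat > "$sample_dir/group" <<'EOF'
root:x:0:
bin:x:2:alice,builder
staff:x:50:alice
EOF
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
bin:x:2:2:bin:/bin:/usr/sbin/nologin
alice:x:1000:50:Alice:/home/alice:/bin/sh
legacy:x:1001:2:Legacy:/home/legacy:/bin/sh
EOF

# Everyone who would gain group access if system files moved to group bin.
group_members bin "$sample_dir/group" "$sample_dir/passwd"
```

This reads the flat files only; accounts served from a directory service would need the same check run over `getent group` and `getent passwd` output.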


