Bug#538392: group staff: moving forward
Thijs Kinkhorst <thijs@debian.org> writes:
> The TC has decided on the following resolution for the group staff issue:
>
>> | 2. Decide to change the default so that /usr/local is not writeable by
>> | group staff anymore. This change should only be implemented after an
>> | appropriate transition plan exists which enables system administrators
>> | to maintain the ability of group staff to write to /usr/local.
>> | (Reasons for the change are the adaption of other tools like sudo on
>> | most sites, and the concept of "least surprise" for novice users.)
>
> I'd like to move forward with this bug so that it can be resolved for
> squeeze.
>
> The TC decided an "appropriate transition plan" should exist. If we
> would change the default on a new system to root:root 2775 for
> /usr/local, a sysadmin needs to chgrp that to staff once to regain the
> old behaviour.
Changing the magic group from staff to root does not address the problem
that was raised before the TC so far as I can see. The TC decision as I
understood it requires that the default mode be 2755. The staff group was
already empty by default, so swapping it out with another empty-by-default
group but keeping the directories as group-writable is entirely equivalent
to the current situation.
The transition plan work entails determining how to set the mode of newly
created directories based on the local system administrator preference, I
think.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: