
Bug#538392: group staff: moving forward



"Thijs Kinkhorst" <thijs@debian.org> writes:

> I'm not sure it's entirely equivalent, as the directory in the new
> situation would be owned by group 0 / root. This is clearly a special
> group just as user root is a special user; much more clearly than staff
> would be.

Hm, it is?  I don't know of anything else in Debian that treats it as such
currently; it seems fairly equivalent to staff to me.  (In fact, at
Stanford, we use it roughly in the way that Debian normally uses staff.)

I suppose it's treated somewhat specially by NFS, but that's the only
thing I can think of off-hand.

> I believe that the problems that could occur with the original situation
> relate to non-root users being in group staff one way or the other, and
> then elevate that to root. What would be a realistic scenario where the
> group 'root' contains users that aren't supposed to be root?

We do this at Stanford because we use that group to control who is allowed
to su (in other words, we use it as a wheel group).  I'm sure we're not
the only ones.  Elevating to root still requires a separate
authentication, so users in group root are not equivalent to root, only
permitted to attempt to become root if they know the appropriate
passwords.

> I'm fine either way, and will work on that if desired, but of course I'd
> like to keep things as simple as possible.

The original question appealed to the TC was in general about having a
group-writable directory.  I think we need to eliminate group-writability
to fully address the requested change.  I can poll the rest of the TC,
though, to see if I'm interpreting people's positions correctly.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
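
The following is an added example, not part of the message above or of any Debian tooling. It audits a directory tree for the situation the thread discusses: directories writable by their owning group, together with the members of that group who are not uid 0. The function names are hypothetical and the sample tree is constructed in a temporary directory.

```python
import grp
import os
import pwd
import stat
import tempfile


def non_root_members(gid):
    """Return (group name, sorted users in the group whose uid is not 0)."""
    try:
        entry = grp.getgrgid(gid)
    except KeyError:
        return str(gid), []          # gid with no group database entry
    users = set(entry.gr_mem)        # supplementary members
    users.update(p.pw_name for p in pwd.getpwall() if p.pw_gid == gid)  # primary
    result = []
    for name in users:
        try:
            if pwd.getpwnam(name).pw_uid != 0:
                result.append(name)
        except KeyError:
            result.append(name)      # listed in the group but unknown to passwd
    return entry.gr_name, sorted(result)


def audit_group_writable(root):
    """List directories under root that their owning group can write to."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):   # symlinked dirs are not entered
        st = os.stat(dirpath)
        if st.st_mode & stat.S_IWGRP:
            group, members = non_root_members(st.st_gid)
            findings.append({"path": dirpath, "mode": stat.S_IMODE(st.st_mode),
                             "group": group, "non_root_members": members})
    return findings


if __name__ == "__main__":
    # Constructed sample tree; pass a real prefix to audit_group_writable() instead.
    with tempfile.TemporaryDirectory() as top:
        for name, mode in (("bin", 0o775), ("share", 0o755)):
            os.mkdir(os.path.join(top, name))
            os.chmod(os.path.join(top, name), mode)
        for f in audit_group_writable(top):
            print(f"{f['path']} mode={f['mode']:o} group={f['group']} "
                  f"non-root members={f['non_root_members']}")
```

A finding with an empty `non_root_members` list still reports the directory as group-writable; only the set of accounts that can use that write access changes.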


