Bug#967857: debian-policy: [Files/Permissions and owners] files installed by package manager should not be writable
Package: debian-policy
Hi,
10.9 Permissions and owners currently says
| Files should be owned by root:root, and made writable only by the
| owner and universally readable (and executable, if appropriate),
| that is mode 644 or 755."
However most files shouldn't be modified as modifications will just be
lost (e.g. everything installed by the package manager that isn't
handled as a conffile). It also gives more permissions than the
minimum needed.
I think static files should not be writable instead, so every file
under /usr (and /bin, /sbin, /lib*; or everything dpkg installs that is
not a conffile) should have 444 (or 555).
Ansgar
Reply to: