Bug#1099124: debian-policy: should 9.1.2 apply to /var/local too?
Source: debian-policy
Followup-For: Bug #1099124

It's reasonable to maintain the current ownership and permissions of the
/var/local directory on existing Debian installations and update the
defaults for new installations. This approach may however result in a
divergence between legacy and new installations, which would be an
argument for not changing anything in the policy and keeping the
directory as is. I would still consider the policy to be underdocumented
regarding this point however.

To ensure consistency across all installations, it would make sense to
align the ownership and permissions of /usr/local and /var/local.
Currently, these are only in sync by chance, if
/etc/staff-group-for-usr-local exists.

I'm not aware of anyone still using the staff group for the purposes of
managing /usr/local and /var/local. I am however aware of security
scanners that report the suid and sgid bits on executables and
directories, and it's pointless for all Debian installations (especially
containers and virtual machines that are distributed to the whole world)
to needlessly trigger those scanners on /var/local unconditionally. I'm
not aware of any non-Debian-based distributions that would still by
default set the staff group and related permissions either.