Comment 25 for bug 13795

In , Colin Watson (cjwatson) wrote : Re: Bug#299007: base-files: Insecure PATH

On Fri, Mar 11, 2005 at 06:22:57PM +0100, Bill Allombert wrote:
> On Fri, Mar 11, 2005 at 03:26:16PM +0100, Martin Pitt wrote:
> > I wholeheartedly agree and second this proposal. Also, /home should be
> > root:root 0755 instead of root:staff 2775; it is only confusing and
> > actually does not do anything useful.
>
> Obviously it does: it allows an administrator in the staff group to
> install software in /usr/local without having to use root privilege,
> so prevent mistakes that would affect the /usr hierarchy. I don't see
> what is confusing here?

In Martin's second sentence, he's talking about /home, where it's not
especially useful for users other than root to have write access since
they can't chown the home directories to the new user anyway.

> This is even documented, see
> /usr/share/doc/base-passwd/users-and-groups.txt.gz:
>
> staff
>
> Allows users to add local modifications to the system (/usr/local, /home)
> without needing root privileges. Compare with group 'adm', which is more
> related to monitoring/security.

base-passwd documents the situation at the moment and the rationale as
retroactively understood at the time when the documentation was written
(that understanding may have been imperfect); I'd obviously be happy to
update it to take account of changes.

Cheers,

--
Colin Watson [<email address hidden>]