While it's possible that it's a fluke of a package I installed or the VPS image, it appears that /usr/local and /usr/local/bin (both of which are owned by root:staff) are group-writable by default on Debian Squeeze. Is there a reason that they need to be?
Asked
Active
Viewed 1,551 times
7
Isaac
- 534
- 2
- 11
- 24
-
Longish thread, but "yes" it's by design: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538392 – jscott May 14 '12 at 01:05
-
@jscott: Thanks for the link and the tl;dr "yes"—I read through the first third or so and I get that it's by-design, but it's not clear to me whether removing the group writability of those two directories would break anything beyond the expectation that users in the staff group could write there. – Isaac May 14 '12 at 01:15
-
1@JScott, post as answer? – Chris S May 14 '12 at 01:29
1 Answers
11
it appears that /usr/local and /usr/local/bin (both of which are owned by root:staff) are group-writable by default on Debian Squeeze.
This is, at present, by design, you may review the team's missives on the purpose/importance of this choice in the following thread: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538392
Is there a reason that they need to be?
These directories only need owner root.staff if you intend to utilize the staff group as the Debian team chose. Also, by default, the staff group has no members, you would need to add users manually to delegate this access permission. As the "bug" is marked as "wishlist", the door is open for this configuration to be reverted to the default-defaults, as most other distros use.
Avoiding any Holy Wars of the Debian mailing list, I would suggest you can chown the directories root.root and just use sudo, su as most everyone else would just do.
jscott
- 24,484
- 8
- 79
- 100