On Mon, 16 Mar 2020 07:14:41 -0700 Felix Lechner <felix.lech...@lease-up.com> wrote:
> On Sun, Mar 15, 2020 at 1:18 PM Josh Triplett <j...@joshtriplett.org> wrote:
> >
> > Many packages still
> > unconditionally chown directories to root:staff, or chmod directories to
> > 2755.
>
> What is the issue with setting the group id, please?

There's a long discussion and rationale in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484841 , and an even
longer discussion leading to a policy change in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=299007 .

Short version: the "staff" group is root-equivalent.

See
https://www.debian.org/doc/debian-policy/ch-opersys.html#site-specific-programs
, which says:

> If /etc/staff-group-for-usr-local does not exist, /usr/local and all
> subdirectories created by packages should have permissions 0755 and be
> owned by root:root. If /etc/staff-group-for-usr-local exists,
> /usr/local and subdirectories should have permissions 2775
> (group-writable and set-group-id) and be owned by root:staff.

On Mon, 16 Mar 2020 07:14:41 -0700 Felix Lechner <felix.lech...@lease-up.com> wrote:
> Isn't it a common paradigm for daemons?

Not sure what you mean by this.
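
The policy rule quoted in the message above, written as an audit script; this is an added example, not part of the original message and not code from Debian. The function names are hypothetical, `stat -c` assumes GNU coreutils, and the tree walk checks every directory it finds, not only those created by packages.

```shell
#!/bin/sh
# Added example: report directories that do not match the quoted policy rule.
# Only the flag file path and /usr/local come from the policy text.

FLAG_DEFAULT=/etc/staff-group-for-usr-local

# Print the "mode owner:group" that policy expects for the given flag file.
expected_perms() {
    flag=${1:-$FLAG_DEFAULT}
    if [ -e "$flag" ]; then
        echo "2775 root:staff"   # opt-in: group-writable and set-group-id
    else
        echo "755 root:root"     # default: the staff group gets no write access
    fi
}

# Return 0 if DIR matches policy, 1 (with a message) if not, 2 on stat failure.
audit_dir() {
    dir=$1
    flag=${2:-$FLAG_DEFAULT}
    want=$(expected_perms "$flag")
    have=$(stat -c '%a %U:%G' "$dir") || return 2
    if [ "$have" = "$want" ]; then
        return 0
    fi
    echo "MISMATCH $dir: have '$have', want '$want'"
    return 1
}

# Walk a tree (default /usr/local); print every mismatch, return 1 if any.
# Report only: it changes nothing. Paths containing newlines are not handled.
audit_tree() {
    root=${1:-/usr/local}
    flag=${2:-$FLAG_DEFAULT}
    out=$(find "$root" -type d | while IFS= read -r d; do
        audit_dir "$d" "$flag" || true
    done)
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}
```

Sourcing the file and running `audit_tree` with no arguments checks `/usr/local` against the real flag file.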