On Wed, 20 Oct 2010 at 01:58:22 +0000, The Fungi wrote: > On Tue, Oct 19, 2010 at 09:48:58AM +0200, Jesús M. Navarro wrote: > > On the other hand, is it really necessary a new group? Can't adm > > or operator be overloaded with this new functionality? (think > > Ockham's razor). > > Maybe similarly overloaded, but I've used the built-in "staff" group > for this for many years. It already gets write access into many > local system folders by default, so not that much of a stretch...
Quoting from base-passwd again: Allows users to add local modifications to the system (/usr/local, /home) without needing root privileges. Compare with group 'adm', which is more related to monitoring/security. Note that the ability to modify /usr/local is effectively equivalent to root access (since /usr/local is intentionally on search paths ahead of / usr), and so you should only add trusted users to this group. Be careful in environments using NFS since acquiring another non-root user's privileges is often easier in such environments. ... so in practice, staff is root-equivalent, but in principle it's not meant to be. (Yay.) S -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101020112849.ga14...@reptile.pseudorandom.co.uk