Your message dated Tue, 20 Sep 2022 21:05:38 -0700
with message-id <87o7v9fk31....@hope.eyrie.org>
and subject line Re: Bug#967857: debian-policy: [Files/Permissions and owners] 
files installed by package manager should not be writable
has caused the Debian Bug report #967857,
regarding debian-policy: [Files/Permissions and owners] files installed by 
package manager should not be writable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
967857: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=967857
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: debian-policy

Hi,

10.9 Permissions and owners currently says

| Files should be owned by root:root, and made writable only by the
| owner and universally readable (and executable, if appropriate),
| that is mode 644 or 755.

However most files shouldn't be modified as modifications will just be
lost (e.g. everything installed by the package manager that isn't
handled as a conffile).  It also gives more permissions than the
minimum needed.

I think static files should not be writable instead, so every file
under /usr (and /bin, /sbin, /lib*; or everything dpkg installs that is
not a conffile) should have 444 (or 555).

Ansgar

--- End Message ---
--- Begin Message ---
Ansgar <ans...@debian.org> writes:

> Hi,

> 10.9 Permissions and owners currently says

> | Files should be owned by root:root, and made writable only by the
> | owner and universally readable (and executable, if appropriate),
> | that is mode 644 or 755.

> However most files shouldn't be modified as modifications will just be
> lost (e.g. everything installed by the package manager that isn't
> handled as a conffile).  It also gives more permissions than the
> minimum needed.

> I think static files should not be writable instead, so every file
> under /usr (and /bin, /sbin, /lib*; or everything dpkg installs that is
> not a conffile) should have 444 (or 555).

Coming back to this a couple of years later, it looks from the bug history
like we had a fairly extensive discussion of this with a lot of opposition
(for various different reasons) and not much support.  Given that, I'm
going to go ahead and close this out as wontfix, since I don't think we're
going to reach a consensus on this change.

-- 
Russ Allbery (r...@debian.org)              <https://www.eyrie.org/~eagle/>

--- End Message ---
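
Added example, not part of either message and not Debian tooling: a small audit that labels each regular file in a tree as meeting the quoted 10.9 rule (644/755), the stricter rule proposed in the report (444/555), or neither. The function names, the labels, and the convention that conffile paths are passed relative to the tree root are assumptions made for this sketch.

```python
import os
import stat
import sys

READ_ALL = stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH

def classify_mode(mode):
    """Label permission bits: 'proposed' (444/555 style, no write bit),
    'policy' (644/755 style, owner-writable only) or 'violation'."""
    perms = stat.S_IMODE(mode)
    if perms & (stat.S_IWGRP | stat.S_IWOTH):
        return "violation"      # writable by someone other than the owner
    if perms & READ_ALL != READ_ALL:
        return "violation"      # not universally readable
    return "policy" if perms & stat.S_IWUSR else "proposed"

def audit_tree(root, conffiles=(), uid=0, gid=0):
    """Return {relative path: label} for regular files under root.

    conffiles: paths relative to root that are left out of the report,
    as the proposal exempts them. Files not owned by uid:gid
    (root:root by default) are labelled 'owner'.
    """
    skip = {os.path.normpath(p) for p in conffiles}
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if rel in skip:
                continue
            if (st.st_uid, st.st_gid) != (uid, gid):
                report[rel] = "owner"
            else:
                report[rel] = classify_mode(st.st_mode)
    return report

if __name__ == "__main__":
    # Usage: python3 audit.py <unpacked package tree>
    for rel, label in sorted(audit_tree(sys.argv[1]).items()):
        if label in ("violation", "owner"):
            print(label, rel)
```
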