ho ho -- thank you Guy!

so, here it is:

,---------------------------------------------------------------------------------,
| staff: Allows users to add local modifications to the system (/usr/local,       |
| /home) without needing root privileges. Compare with group "adm", which is more |
| related to monitoring/security.                                                 |
`---------------------------------------------------------------------------------'

Hence, Debian, by design (and by policy), allows "users" to modify the system... So 'staff' group is much broader than notion of 'Administrator', hence, it might be unsafe to "add a user to staff group without ability to prevent default behavior of the system to use the content of /usr/local".

NB: actually on a freshly installed lenny system:

$> ls -ld /home
4 drwxr-xr-x 10 root root 4096 2009-01-03 16:23 /home/

and I don't see actual need for 'staff' to modify /home, since staff group is not authorized to add users.

On Tue, 03 Feb 2009, Guy Hulbert wrote:

> Fortunately, I just spent 20-30 minutes going through this on Sunday.
> http://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html
> Scroll down to: 12.1.12 Operating system users and groups
> I was reporting something to secur...@debian.org ... they acknowledged
> my initial inquiry but have not responded on the issue I pointed out
> (very minor) but you are looking in exactly the same place.

--
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-1412 | FWD: 82823 | Fax: (973) 353-1171
101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW: http://www.linkedin.com/in/yarik
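
An audit for the concern raised in this message, as an added example that is not part of the original e-mail or of any Debian tooling: it reports which directories on the executable and Python module search paths are writable by a non-root group (such as 'staff' on /usr/local) and who is listed in that group. The function names and the default of skipping gid 0 are assumptions of this sketch.

```python
import grp
import os
import stat
import sys


def group_writable_dirs(paths, ignore_gids=(0,)):
    """Return [(directory, group_name, members)] for each existing directory
    in `paths` whose owning group has write permission.

    Directories owned by a gid in `ignore_gids` (root's group by default,
    an assumption of this example) are skipped.
    """
    findings = []
    seen = set()
    for entry in paths:
        if not entry:  # '' in sys.path means the current directory; skip it
            continue
        real = os.path.realpath(entry)
        if real in seen or not os.path.isdir(real):
            continue
        seen.add(real)
        st = os.stat(real)
        if not (st.st_mode & stat.S_IWGRP) or st.st_gid in ignore_gids:
            continue
        try:
            group = grp.getgrgid(st.st_gid)
            # gr_mem lists supplementary members only; users whose primary
            # group is this gid have to be looked up in the passwd database.
            name, members = group.gr_name, sorted(group.gr_mem)
        except KeyError:  # gid has no entry in the group database
            name, members = str(st.st_gid), []
        findings.append((real, name, members))
    return findings


def search_paths():
    """Directories consulted for executables (PATH) and Python modules."""
    return os.environ.get("PATH", "").split(os.pathsep) + list(sys.path)


if __name__ == "__main__":
    for path, group, members in group_writable_dirs(search_paths()):
        listed = ", ".join(members) or "no supplementary members"
        print(f"{path}: writable by group '{group}' ({listed})")
```

Each reported group member can place files that root's shell or interpreter may later pick up from that directory, so the output is the list of accounts to treat as system-modifying.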