Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local

On Mon, 16 Mar 2020 07:14:41 -0700 Felix Lechner wrote: > On Sun, Mar 15, 2020 at 1:18 PM Josh Triplett wrote: > > > > Many packages still > > unconditionally chown directories to root:staff, or chmod directories to > > 2755. > > What is the issue with setting the group id, please? There's a

Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local

Hi Josh, On Sun, Mar 15, 2020 at 1:18 PM Josh Triplett wrote: > > Many packages still > unconditionally chown directories to root:staff, or chmod directories to > 2755. What is the issue with setting the group id, please? Isn't it a common paradigm for daemons? Kind regards Felix Lechner

Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local

On Sun, Mar 15, 2020 at 03:28:41PM -0700, Felix Lechner wrote: > On Sun, Mar 15, 2020 at 1:18 PM Josh Triplett wrote: > > Policy version 4.1.4, in April 2018, states that /usr/local and > > subdirectories > > should only have group "staff" if /etc/staff-group-for-usr-local exists, > > and

Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local

Hi Josh, > Policy version 4.1.4, in April 2018, states that /usr/local and subdirectories > should only have group "staff" if /etc/staff-group-for-usr-local exists, > and otherwise they should have group "root". Many packages still > unconditionally chown directories to root:staff, or chmod

Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local

Hi all, > What is an acceptable way to identify such scripts? Would it be a > successful 'grep root[:.]staff', followed by an unsuccessful 'grep > staff-group-for-usr-local'? Josh, another way to help answer this might be to link to some offending packages if you have them handy. Regards, --

Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local

Hi Josh, On Sun, Mar 15, 2020 at 1:18 PM Josh Triplett wrote: > > Policy version 4.1.4, in April 2018, states that /usr/local and subdirectories > should only have group "staff" if /etc/staff-group-for-usr-local exists, > and otherwise they should have group "root". Many packages still >

Bug#954021: Please detect use of staff group (and 2775 permissions) in maintainer scripts without checking staff-group-for-usr-local

Package: lintian Version: 2.55.0 Severity: wishlist Policy version 4.1.4, in April 2018, states that /usr/local and subdirectories should only have group "staff" if /etc/staff-group-for-usr-local exists, and otherwise they should have group "root". Many packages still unconditionally chown