From: Bob Proulx
Newsgroups: gmane.emacs.help
Subject: Re: sudo make install
Date: Thu, 16 Apr 2015 15:04:46 -0600
Message-ID: <20150416143415154796888@bob.proulx.com>
References: <87pp76wl1e.fsf@web.de> <20150415151457700363175@bob.proulx.com> <87r3rkbalh.fsf@web.de>
To: Michael Heerdegen
Cc: help-gnu-emacs@gnu.org
In-Reply-To: <87r3rkbalh.fsf@web.de>
List-Id: Users list for the GNU Emacs text editor

Michael Heerdegen wrote:
> Is the ownership of the /usr/local directory tree the only important
> property of the staff group, or is it used for other purposes as well?
>
> With other words: what are the consequences of adding my user to the
> staff group, other than that I will be able to modify the /usr/local
> tree?

None.  There are no other consequences unless you add them on your
system.

First there is this entry in the Securing Debian HOWTO.

  https://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s12.1.12.3

That mentions not just /usr/local but also /home.  I have seen some
sites change /home to be owned by group staff and extend the group
there but it is not done by default.

  $ ls -ld /home
  drwxr-xr-x 12 root root 4096 Jan 9 2014 /home

The Debian Policy manual says:

  https://www.debian.org/doc/debian-policy/ch-opersys.html#s9.1.2

  ...a large section of details...

  However, because /usr/local and its contents are for exclusive use
  of the local administrator, a package must not rely on the presence
  or absence of files or directories in /usr/local for normal
  operation.
  The /usr/local directory itself and all the subdirectories created
  by the package should (by default) have permissions 2775
  (group-writable and set-group-id) and be owned by root:staff.

If you install a pristine installation of Debian and run 'find' across
it you will locate two directory trees that are writable by group
staff.

  /usr/local
  /var/local

That is it.  No other ramifications.

This is all part of UPG (User-Private-Groups).  In order to facilitate
multiple people being able to work in a shared directory the strategy
is to place those people in a shared group.  Here we are talking about
the 'staff' group.  Then the user should have a 'umask 02' setting so
that new files are created group writable so that the other members of
the group can write them.  If you are a solo individual on your system
working then the umask won't matter but I note it as part of the
overall strategy.

I will close by saying that the debian-user@lists.debian.org mailing
list is the best place to discuss Debian specific things such as group
'staff' and 'adm' and other such things.  Although I like the strategy
enough that I convert the RHEL/CentOS systems I administer to that
scheme too.

Bob
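
The 'find' audit and the umask behaviour described in the message above, as an added example that is not part of Bob Proulx's post. The helper names `group_writable_dirs` and `mode_with_umask` are hypothetical, the demo tree is constructed under a temporary directory and uses that directory's own group in place of root:staff, and `stat -c` (GNU coreutils or BusyBox, as on Debian) is assumed.

```shell
#!/bin/sh
# Added example: audit what a group can write to, and show why the
# shared-directory scheme wants umask 002 rather than 022.

# List directories under ROOT that belong to GROUP (name or numeric id)
# and are group-writable.  On an installed system,
# `group_writable_dirs / staff` is the 'find' run the message describes.
group_writable_dirs() {
    find "$1" -xdev -type d -group "$2" -perm -020 2>/dev/null | sort
}

# Create FILE under the given UMASK (in a subshell, so the caller's
# umask is untouched) and print the resulting octal mode.
mode_with_umask() {
    ( umask "$1"; rm -f "$2"; : > "$2"; stat -c '%a' "$2" )
}

# Constructed demo: a throwaway tree standing in for /usr/local.
demo() {
    tmp=$(mktemp -d) || return 1
    grp=$(stat -c '%g' "$tmp")          # numeric group of the temp dir
    mkdir -p "$tmp/local/bin" "$tmp/private"
    chmod 2775 "$tmp/local" "$tmp/local/bin"   # group-writable + set-group-id
    chmod 0755 "$tmp/private"                  # group may read, not write
    echo "directories writable by group $grp:"
    group_writable_dirs "$tmp" "$grp"
    # umask 002 leaves the group write bit on new files; 022 removes it,
    # so other members of the group could not edit the file.
    echo "new file with umask 002: $(mode_with_umask 002 "$tmp/local/a")"
    echo "new file with umask 022: $(mode_with_umask 022 "$tmp/local/b")"
    rm -rf "$tmp"
}

demo
```

Running the audit function against `/` for each group a user belongs to shows exactly what membership in that group grants on a given system.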