[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: sudo make install
Re: sudo make install
Thu, 16 Apr 2015 15:04:46 -0600
Michael Heerdegen wrote:
> Is the ownership of the /usr/local directory tree the only important
> property of the staff group, or is it used for other purposes as well?
> With other words: what are the consequences of adding my user to the
> staff group, other than that I will be able to modify the /usr/local
None. There are no other consequences unless you add them on your
First there is this entry in the Securing Debian HOWTO.
That mentions not just /usr/local but also /home. I have seen some
sites change /home to be owned by group staff and extend the group
there but it is not done by default.
$ ls -ld /home
drwxr-xr-x 12 root root 4096 Jan 9 2014 /home
The Debian Policy manual says:
...a large section of details...
However, because /usr/local and its contents are for exclusive use
of the local administrator, a package must not rely on the presence
or absence of files or directories in /usr/local for normal
The /usr/local directory itself and all the subdirectories created by
the package should (by default) have permissions 2775 (group-writable
and set-group-id) and be owned by root:staff.
If you install a pristine installation of Debian and run 'find' across
it you will locate two directory trees that are writable by group
That is it. No other ramifications.
This is all part of UPG (User-Private-Groups). In order to facilitate
multiple people being able to work in a shared directory the strategy
is to place those people in a shared group. Here we are talking about
the 'staff' group. Then the user should have a 'umask 02' setting so
that new files are created group writable so that the other members of
the group can write them. If you are a solo individual on your system
working then the umask won't matter but I note it as part of the
I will close by saying that the address@hidden mailing
list is the best place to discuss Debian specific things such as
group 'staff' and 'adm' and other such things. Although I like the
strategy enough that I convert the RHEL/CentOS systems I administer to
that scheme too.
- Re: sudo make install, (continued)
- Re: sudo make install, Stefan Monnier, 2015/04/14
- Re: sudo make install, Bob Proulx, 2015/04/16
- Re: sudo make install, Michael Heerdegen, 2015/04/16
- Re: sudo make install,
Bob Proulx <=
- Re: sudo make install, Michael Heerdegen, 2015/04/17
- Re: sudo make install, Bob Proulx, 2015/04/18
- Re: sudo make install, Michael Heerdegen, 2015/04/19
- Re: sudo make install, Bob Proulx, 2015/04/19
- Re: sudo make install, Michael Heerdegen, 2015/04/20
- Re: sudo make install, Bob Proulx, 2015/04/20