On 20.10.10 13:28, Simon McVittie wrote:
> Quoting from base-passwd again:
> Allows users to add local modifications to the system (/usr/local, /home)
> without needing root privileges. Compare with group 'adm', which is more
> related to monitoring/security.
> Note that the ability to modify /usr/local is effectively equivalent to
> root access (since /usr/local is intentionally on search paths ahead of
> /usr), and so you should only add trusted users to this group. Be careful in
> environments using NFS since acquiring another non-root user's privileges
> is often easier in such environments.
> ... so in practice, staff is root-equivalent, but in principle it's not meant
> to be. (Yay.)

It depends on the definition of "equivalent".
Anyway "staff" is a protection against user (aka admin) *errors*, not
against *malicious* admins.
And this is still an important feature (IMHO), thus with different
objectives as the original proposal.
ciao
cate
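
Added example, not part of the original message or of base-passwd: a shell function that audits the search-path ordering the quoted base-passwd text describes, reporting PATH entries that are group- or world-writable and are searched ahead of a system directory. The function name `audit_path`, its output format and the default reference directory `/usr/bin` are assumptions of this example, and it relies on GNU `stat` as shipped on Debian.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Lists PATH entries that are group- or world-writable and are searched
# before a reference system directory (default: /usr/bin).
# Assumes GNU stat (coreutils), as on Debian.

# audit_path PATH_STRING [REFERENCE_DIR]
# Prints "<dir> mode=<octal> group=<name>" for each finding.
# Returns 1 if anything was reported, 0 otherwise.
audit_path() {
    path_string=$1
    reference=${2:-/usr/bin}
    found=0
    old_ifs=$IFS
    IFS=:
    set -f                          # no globbing while splitting on ':'
    for dir in $path_string; do
        # An empty PATH entry means the current directory.
        [ -n "$dir" ] || dir=.
        # Entries after the reference directory cannot shadow its commands.
        if [ "$dir" = "$reference" ]; then
            break
        fi
        [ -d "$dir" ] || continue
        mode=$(stat -L -c '%a' "$dir")
        group=$(stat -L -c '%G' "$dir")
        # 020 = group-writable, 002 = world-writable
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            printf '%s mode=%s group=%s\n' "$dir" "$mode" "$group"
            found=1
        fi
    done
    set +f
    IFS=$old_ifs
    return $found
}
```

Call it as `audit_path "$PATH"` from a root shell so that root's own search path is the one checked. Any directory reported with `group=staff` is writable by every account listed by `getent group staff`.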