[Piuparts-devel] Bug#898615: piuparts: please check owner+permission of /usr/local subdirectories
jwilk at jwilk.net
Mon May 14 09:56:54 BST 2018
Policy §9.1.2 reads:
>If /etc/staff-group-for-usr-local does not exist, /usr/local and all
>subdirectories created by packages should have permissions 0755 and be
>owned by root:root.
>If /etc/staff-group-for-usr-local exists, /usr/local and subdirectories
>should have permissions 2775 (group-writable and set-group-id) and be
>owned by root:staff.
It would be nice if piuparts could check if the tested packages create
/usr/local subdirectories with the right ownership and permissions.
For example, fontconfig-config_2.13.0-4 does it incorrectly: it creates
/usr/local/share/fonts as 2755 root:staff, regardless of whether
/etc/staff-group-for-usr-local exists or not.
Note that this staff-group-for-usr-local thing was implemented in
debhelper in 11.2 released on 2018-04-07, so it might make sense to skip
packages that were built before that date, at least for the time being.
More information about the Piuparts-devel