Bug#1126947: asterisk: always creates /usr/local/share/asterisk/sounds as 2775 root:staff
Simon McVittie
smcv at debian.org
Wed Feb 4 12:20:57 GMT 2026
Package: asterisk
Version: 1:22.8.0+dfsg+~cs6.15.60671435-1
Severity: normal
User: smcv at debian.org
Usertags: dh-usrlocal
Prompted by recent changes in fontconfig and its handling of
/usr/local/share/fonts, I noticed that asterisk also creates a directory
below /usr/local with mode 2775 and owner root:staff.
According to Policy §9.1.2, since Policy 4.1.4 (2018), directories below
/usr/local should normally be created with mode 0755 and owner
root:root, a change that was made to avoid privilege escalation by
members of the staff group. (There's a flag file to opt back in to the
old behaviour.)
Instead of open-coding the necessary logic, I would suggest using
dh_usrlocal to create this directory. The procedure to do that is
something like this:
1. create debian/asterisk/usr/local/share/asterisk/sounds
(for example with `install -d` in d/rules, or probably using
debian/asterisk.dirs would also work)
2. make sure dh_usrlocal is run (normally dh will run it)
3. remove open-coded logic in maintainer scripts to create (and possibly
remove) this directory
4. make sure the #DEBHELPER# placeholder appears in any maintainer scripts
that still exist
dh_usrlocal will insert maintainer script snippets generated from
/usr/share/debhelper/autoscripts/ to create and remove the directories
when appropriate.
Thanks,
smcv
More information about the Pkg-voip-maintainers
mailing list