From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-15741-mason-zsh=primenet.com.au@sunsite.dk>
Received: (qmail 18357 invoked from network); 6 Sep 2001 21:10:38 -0000
Received: from sunsite.dk (130.225.51.30)
  by ns1.primenet.com.au with SMTP; 6 Sep 2001 21:10:38 -0000
Received: (qmail 29891 invoked by alias); 6 Sep 2001 21:10:32 -0000
Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm
Precedence: bulk
X-No-Archive: yes
X-Seq: 15741
Received: (qmail 29879 invoked from network); 6 Sep 2001 21:10:30 -0000
From: Bart Schaefer <schaefer@brasslantern.com>
Message-Id: <010906140852.ZM16502@candle.brasslantern.com>
Date: Thu, 6 Sep 2001 14:08:52 -0700
In-Reply-To: <20010906164909.A25119@dman.com>
Comments: In reply to Clint Adams <clint@zsh.org>
        "PATCH: Debian-specific compaudit security" (Sep  6,  4:49pm)
References: <20010906164909.A25119@dman.com>
X-Mailer: Z-Mail Lite (5.0.0 30July97)
To: Clint Adams <clint@zsh.org>, zsh-workers@sunsite.dk
Subject: Re: PATCH: Debian-specific compaudit security
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

On Sep 6,  4:49pm, Clint Adams wrote:
>
> Debian policy requires that /usr/local/share/zsh/site-functions (or
> equivalent) be root:staff mode 2775.

What we need is for compaudit to look for a list of "safe" groups and/or
owners, defaulting to no groups, the current user, and root.

We could use a style for this, which could then be set in the /etc/z*
files as appropriate.