[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: chmod set-gid/set-uid behavior change issues
From: |
Jim Meyering |
Subject: |
Re: chmod set-gid/set-uid behavior change issues |
Date: |
Thu, 27 Jul 2006 18:33:21 +0200 |
Paul Eggert <address@hidden> wrote:
> Jim Meyering <address@hidden> writes:
>>> If we remove this feature, I'd like to change things to be 100%
>>> consistent with Solaris, and to preserve the setgid bit even if the
>>> user says "chmod 0755 DIR".
>>
>> I think that is the right approach.
>
> I started to implement this, but oops! I now see that I
> mischaracterized the behavior of Solaris chmod and octal modes.
>
> Here's the problem. If DIR is a directory, Solaris 10 "chmod NNNN
> DIR" ignores the setgid bit in NNNN entirely. For example, "chmod
> 2755 DIR" ignores the "2", just as "chmod 0755 DIR" ignores the "0":
>
> 1037-moa $ ls -ld d
> drwxr-xr-x 2 eggert faculty 512 Jul 26 22:17 d
> 1038-moa $ chmod 2755 d
> 1039-moa $ ls -ld d
> drwxr-xr-x 2 eggert faculty 512 Jul 26 22:17 d
> 1040-moa $ chmod g+s d
> 1041-moa $ ls -ld d
> drwxr-sr-x 2 eggert faculty 512 Jul 26 22:17 d
> 1042-moa $ chmod 0755 d
> 1043-moa $ ls -ld d
> drwxr-sr-x 2 eggert faculty 512 Jul 26 22:17 d
>
> To me, this behavior violates the principle of least surprise at least
> as much as the CVS coreutils behavior does, since I was surprised that
> "chmod 2755 DIR" silently ignores the "2" on Solaris.
Same here.
> Here's a possible workaround. I could change coreutils to ignore
> leading zeros on octal modes (this satisfies Jim's criterion that
> "chmod 0755 DIR" act like "chmod 755 DIR"). I could also change the
> underlying code so that requests to clear the setgid bit on a
> directory via an octal mode are ignored, but requsts to set the bit
> are obeyed.
This sounds best.
> Under this possible workaround, "chmod 755 DIR" and "chmod 0755 DIR"
> would both preserve the setgid bit, but "chmod 2755 DIR" would set it.
> The only way to clear it would be via a symbolic mode, e.g., "chmod
> g-s DIR". This is biased towards keeping the setgid set. It is not
> 100% compatible with Solaris, because the behavior differs for "chmod
> 2755 DIR".
>
> A downside of this possible workaround is complexity. It would be a
> bit simpler to go back to the previous rule that "chmod 755 DIR"
> clears DIR's setgid bit. That is biased towards clearing the setgid
> bit though, which I find less convenient in practice.
>
> So we have the following possibilities:
>
> 1) CVS coreutils. chmod preserves setgid on directories unless you use
> 4 or more octal digits, or a symbolic mode that mentions setgid.
Using octal digits has been deprecated for ages (octal mode syntax was marked
obsolescent in ISO POSIX-2: 1993 -- but no longer; now it's mandatory).
I think it's best not to change things on this front.
> 2) The possible workaround in this email. chmod preserves setgid on
> directories unless you use an octal mode that sets setgid, or a
> symbolic mode that mentions setgid.
As you've guessed, #2 is the one I prefer.
Re: chmod set-gid/set-uid behavior change issues, Bob Proulx, 2006/07/27
Re: chmod set-gid/set-uid behavior change issues, Bob Proulx, 2006/07/27
Re: chmod set-gid/set-uid behavior change issues, Bob Proulx, 2006/07/27