--- Begin Message ---
Subject: |
chmod man page - clear setuid/setgid with numerical value |
Date: |
Tue, 21 Nov 2017 20:46:33 -0600 |
Hello,
There is an incorrect assertion made in the chmod man page:
Under the setuid/setgid header it says, "you can set (but not clear) the bits
with a numeric mode"
This is not entirely true. If you prefix your numeric mode with a 0 then it
will work:
e.g.:
touch myfile
chmod 644 myfile
ls -l myfile
chmod g+s myfile
Is -l myfile
chmod 00644 myfile
is -l myfile
This simple test shows that you can clear the uid/gid bits with numeric mode
which is especially useful in scripts.
An update to the man page to clarify this would be helpful.
Thanks,
Oliver
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#29390: chmod man page - clear setuid/setgid with numerical value |
Date: |
Sat, 9 Dec 2017 18:32:53 -0800 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 |
On 21/11/17 18:46, Oliver Isaac wrote:
> Hello,
>
> There is an incorrect assertion made in the chmod man page:
>
> Under the setuid/setgid header it says, "you can set (but not clear) the bits
> with a numeric mode"
>
> This is not entirely true. If you prefix your numeric mode with a 0 then it
> will work:
>
> e.g.:
>
> touch myfile
> chmod 644 myfile
> ls -l myfile
> chmod g+s myfile
> Is -l myfile
> chmod 00644 myfile
> is -l myfile
>
>
> This simple test shows that you can clear the uid/gid bits with numeric mode
> which is especially useful in scripts.
>
> An update to the man page to clarify this would be helpful.
Yes we should update the man page to be consistent.
The current text was added in COREUTILS-6_9-89-gf4a5097
It was correct at the time, but slightly ambiguous as it
might be missed that the paragraph pertains only to directories,
and not files.
Then http://debbugs.gnu.org/8391 (v8.15-64-g8931cdb) changed things
to allow leading 00 to clear the setuid and setgid bits
of _directories_ with numeric modes. BTW I notice solaris
accepts 00755 as a mode but does _not_ clear these bits
for directories.
I.E. the most portable and simplest way to access this functionality
is to use `chmod -s dir`
Proposed patch attached.
cheers,
Pádraig
chmod-setgid-man.patch
Description: Text Data
--- End Message ---