[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

chmod set-gid/set-uid behavior change issues

From: Bob Proulx
Subject: chmod set-gid/set-uid behavior change issues
Date: Tue, 25 Jul 2006 11:18:55 -0600
User-agent: Mutt/1.5.9i

> 2006-07-16  Paul Eggert  <address@hidden>
>       * NEWS: chmod, install, and mkdir now leave setgid and setuid bits
>       of directories alone unless you specify them explicitly.
>       install and mkdir now implement X correctly.
>       install now creates parent directories with mode 755, without
>       changing their owner or group.

> ** Changes in behavior
>   chmod, install, and mkdir now leave a directory's set-user-ID and
>   set-group-ID bits alone unless you explicitly request otherwise.
>   This is for compatibility with BSD and other systems.  For example,
>   `chmod 755 DIR' and `chmod u=rwx,go=rx DIR' now preserve DIR's
>   set-user-ID and set-group-ID bits instead of clearing them.  If
>   you want to clear the bits you can mention them explicitly, e.g.,
>   `chmod 0755 DIR' and `chmod a-s,u=rwx,go=rx DIR'.

Contrary to the statement above my testing shows that FreeBSD chmod
does not behave this way.  Neither does HP-UX.  On a FreeBSD system
'chmod 500 dir' will clear the set-group-ID bit.  Same for HP-UX.
This makes the GNU coreutils chmod command incompatible with BSD and
other systems.

Also, I don't think it is a good idea to make

  chmod 500 dir

behave differently than

  chmod 0500 dir

That simply seems to subtle and will be too confusing to most people.
Could this behavior be reverted?

I noticed this issue because the tests/cp/fail-perm test fails when
run in a set-group-ID directory.

In file tests/cp/fail-perm:

  mkdir D D/D || framework_failure=1
  touch D/a || framework_failure=1
  chmod 0 D/a || framework_failure=1
  chmod 500 D || framework_failure=1

The 'chmod 500' now no longer clears the set-group-ID bit.  The
obvious change is to make that 'chmod 0500'.  making this change
causes the test to pass now.

  -chmod 500 D || framework_failure=1
  +chmod 0500 D || framework_failure=1

However instead of adjusting the test to pass I would like to see
different behavior in the chmod command.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]