bug-coreutils
Re: chmod set-gid/set-uid behavior change issues


From: Paul Eggert
Subject: Re: chmod set-gid/set-uid behavior change issues
Date: Thu, 27 Jul 2006 02:31:10 -0400
User-agent: Gnus/5.1008 (Gnus v5.10.8) Emacs/21.4 (gnu/linux)

Jim Meyering <address@hidden> writes:

>> If we remove this feature, I'd like to change things to be 100%
>> consistent with Solaris, and to preserve the setgid bit even if the
>> user says "chmod 0755 DIR".
>
> I think that is the right approach.

I started to implement this, but oops!  I now see that I
mischaracterized the behavior of Solaris chmod and octal modes.

Here's the problem.  If DIR is a directory, Solaris 10 "chmod NNNN
DIR" ignores the setgid bit in NNNN entirely.  For example, "chmod
2755 DIR" ignores the "2", just as "chmod 0755 DIR" ignores the "0":

   1037-moa $ ls -ld d
   drwxr-xr-x   2 eggert   faculty      512 Jul 26 22:17 d
   1038-moa $ chmod 2755 d
   1039-moa $ ls -ld d
   drwxr-xr-x   2 eggert   faculty      512 Jul 26 22:17 d
   1040-moa $ chmod g+s d
   1041-moa $ ls -ld d
   drwxr-sr-x   2 eggert   faculty      512 Jul 26 22:17 d
   1042-moa $ chmod 0755 d
   1043-moa $ ls -ld d
   drwxr-sr-x   2 eggert   faculty      512 Jul 26 22:17 d

To me, this behavior violates the principle of least surprise at least
as much as the CVS coreutils behavior does, since I was surprised that
"chmod 2755 DIR" silently ignores the "2" on Solaris.

Here's a possible workaround.  I could change coreutils to ignore
leading zeros on octal modes (this satisfies Jim's criterion that
"chmod 0755 DIR" act like "chmod 755 DIR").  I could also change the
underlying code so that requests to clear the setgid bit on a
directory via an octal mode are ignored, but requests to set the bit
are obeyed.

Under this possible workaround, "chmod 755 DIR" and "chmod 0755 DIR"
would both preserve the setgid bit, but "chmod 2755 DIR" would set it.
The only way to clear it would be via a symbolic mode, e.g., "chmod
g-s DIR".  This is biased towards keeping the setgid set.  It is not
100% compatible with Solaris, because the behavior differs for "chmod
2755 DIR".

A downside of this possible workaround is complexity.  It would be a
bit simpler to go back to the previous rule that "chmod 755 DIR"
clears DIR's setgid bit.  That is biased towards clearing the setgid
bit though, which I find less convenient in practice.

So we have the following possibilities:

1) CVS coreutils.  chmod preserves setgid on directories unless you use
   4 or more octal digits, or a symbolic mode that mentions setgid.

2) The possible workaround in this email.  chmod preserves setgid on
   directories unless you use an octal mode that sets setgid, or a
   symbolic mode that mentions setgid.

3) Solaris.  chmod preserves setgid on directories unless you use
   a symbolic mode that mentions setgid.

4) Previous CVS coreutils (before July 16).  chmod preserves setgid on
   directories only if you use a symbolic mode like 'u+r' where POSIX
   requires that setgid be preserved.  Symbolic modes like 'a=rwx'
   clear setgid even if they don't mention setgid.

After thinking about the above issues I slightly prefer (1) to (2),
and prefer (2) to (3).  I dislike (4) because it is too biased against
setgid bits: in practice this makes it harder to share directories
among users who wish to cooperate.

Perhaps you can think of more possibilities, but it's late and I'm
tired.  Anyway, just let me know and I can implement any of them
(though I hope you don't pick (4) :-).
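
The four options listed in the message, restricted to octal operands applied to a directory, as an added model that is not part of the original message or of the coreutils source. The function name, enum names and sample modes are assumptions made for illustration; only the setgid bit is modelled and symbolic modes are left out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SETGID 02000u

/* The four options, numbered as in the message. */
enum policy { CVS_COREUTILS = 1, WORKAROUND = 2, SOLARIS = 3, PREVIOUS_CVS = 4 };

/* Hypothetical model of "chmod OCTAL DIR": returns DIR's new mode bits
   under policy p.  old is the directory's current mode; octal is the
   operand exactly as typed (digits 0-7 only, assumed already validated).
   Bits other than setgid are always taken from the operand. */
unsigned chmod_dir_octal(enum policy p, unsigned old, const char *octal)
{
    unsigned req = (unsigned) strtoul(octal, NULL, 8) & 07777u;
    unsigned kept = old & SETGID;      /* setgid bit currently on DIR */
    size_t digits = strlen(octal);     /* leading zeros count for option 1 */

    switch (p) {
    case CVS_COREUTILS:   /* (1) 4 or more digits: the operand decides setgid */
        return digits >= 4 ? req : ((req & ~SETGID) | kept);
    case WORKAROUND:      /* (2) octal can set setgid but never clear it */
        return req | kept;
    case SOLARIS:         /* (3) octal never changes setgid on a directory */
        return (req & ~SETGID) | kept;
    case PREVIOUS_CVS:    /* (4) octal sets the mode exactly */
    default:
        return req;
    }
}

int main(void)
{
    const char *ops[] = { "755", "0755", "2755" };
    unsigned olds[] = { 0755u, 02755u };   /* constructed sample modes */

    /* Print the full matrix so the options can be compared side by side. */
    for (int p = CVS_COREUTILS; p <= PREVIOUS_CVS; p++)
        for (int i = 0; i < 2; i++)
            for (int j = 0; j < 3; j++)
                printf("option %d: dir %04o, chmod %-4s -> %04o\n",
                       p, olds[i], ops[j],
                       chmod_dir_octal((enum policy) p, olds[i], ops[j]));
    return 0;
}
```

The rows worth checking in an audit of shared directories are the ones where the setgid bit survives or disappears without the operand naming it: "755" versus "0755" under option 1, and any octal operand under options 2 and 3.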



