On 21/11/17 18:46, Oliver Isaac wrote:
> Hello,
>
> There is an incorrect assertion made in the chmod man page:
>
> Under the setuid/setgid header it says, "you can set (but not clear) the bits
> with a numeric mode"
>
> This is not entirely true. If you prefix your numeric mode with a 0 then it
> will work:
>
> e.g.:
>
> touch myfile
> chmod 644 myfile
> ls -l myfile
> chmod g+s myfile
> ls -l myfile
> chmod 00644 myfile
> ls -l myfile
>
>
> This simple test shows that you can clear the uid/gid bits with numeric mode
> which is especially useful in scripts.
>
> An update to the man page to clarify this would be helpful.

Yes we should update the man page to be consistent.
The current text was added in COREUTILS-6_9-89-gf4a5097.
It was correct at the time, but slightly ambiguous as it might be missed
that the paragraph pertains only to directories, and not files.

Then http://debbugs.gnu.org/8391 (v8.15-64-g8931cdb) changed things
to allow leading 00 to clear the setuid and setgid bits
of _directories_ with numeric modes.

BTW I notice Solaris accepts 00755 as a mode but does _not_
clear these bits for directories. I.E. the most portable and
simplest way to access this functionality is to use `chmod -s dir`

Proposed patch attached.

cheers,
Pádraig

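One way to script the behaviour discussed in this reply, as an added example that is not part of the original thread or of coreutils: apply a plain numeric mode to a directory, check whether set-user-ID or set-group-ID survived, and fall back to `chmod -s`. The function names `has_special_bits`, `set_dir_mode_exact` and `demo` are hypothetical, and the temporary directory is constructed for the demonstration.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not coreutils code.

# Succeeds when PATH carries the set-user-ID or set-group-ID bit.
has_special_bits() {
    [ -u "$1" ] || [ -g "$1" ]
}

# Apply a plain permission MODE (e.g. 755) to DIR and guarantee that no
# setuid/setgid bit survives. Not for modes that are meant to keep them.
# Returns 0 on success, 1 if a chmod fails or a bit remains, 2 if DIR is
# not a directory.
set_dir_mode_exact() {
    sd_dir=$1
    sd_mode=$2
    [ -d "$sd_dir" ] || return 2
    chmod "$sd_mode" "$sd_dir" || return 1
    if has_special_bits "$sd_dir"; then
        # The numeric mode left the bits in place, which is what the man
        # page paragraph describes for directories. Clear them with the
        # symbolic form the reply names as the most portable one.
        chmod -s "$sd_dir" || return 1
    fi
    ! has_special_bits "$sd_dir"
}

# Constructed demonstration on a throwaway directory.
demo() {
    demo_dir=$(mktemp -d) || return 1
    chmod g+s "$demo_dir" || return 1
    chmod 755 "$demo_dir" || return 1
    if has_special_bits "$demo_dir"; then
        echo "after chmod 755: setgid still set"
    else
        echo "after chmod 755: setgid already cleared by this chmod"
    fi
    set_dir_mode_exact "$demo_dir" 755 && demo_rc=0 || demo_rc=$?
    ls -ld "$demo_dir"
    rm -rf "$demo_dir"
    return "$demo_rc"
}

demo
```

The first message printed depends on the local chmod implementation; the final `ls -ld` line should show no `s` in the mode string either way.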
>From 532b4285de02190aa9cf36140d83a8b871080458 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A1draig=20Brady?= <[email protected]> Date: Sat, 9 Dec 2017 18:26:56 -0800 Subject: [PATCH] doc: clarify numeric setuid handling in chmod man page * man/chmod.x: Update the information to state one can clear the setuid and setgid bits for directories numerically using an additional leading '0' or a leading '='. That has been supported since v8.15-64-g8931cdb. Fixes https://bugs.gnu.org/29390 --- man/chmod.x | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/man/chmod.x b/man/chmod.x index ff013a3..cf31ea7 100644 --- a/man/chmod.x +++ b/man/chmod.x @@ -87,14 +87,19 @@ functionality of the underlying system call. When in doubt, check the underlying system behavior. .PP +For directories .B chmod -preserves a directory's set-user-ID and set-group-ID bits unless you +preserves set-user-ID and set-group-ID bits unless you explicitly specify otherwise. You can set or clear the bits with symbolic modes like .B u+s and -.BR g\-s , -and you can set (but not clear) the bits with a numeric mode. +.BR g\-s . +To clear these bits for directories with a numeric mode requires +an additional leading zero, or leading = like +.B 00755 +, or +.B =755 .SH "RESTRICTED DELETION FLAG OR STICKY BIT" The restricted deletion flag or sticky bit is a single bit, whose interpretation depends on the file type. For directories, it prevents -- 2.9.3
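Review bot: At the end of the added lines, `.B 00755` followed by a separate line starting with `, or` will render as "00755 , or" with a stray space before the comma, and the paragraph now stops at `.B =755` with no closing period. The removed line `.BR g\-s ,` shows the idiom for attaching punctuation to a bold word, so `.BR 00755 ,` then `or` then `.BR =755 .` would fix both. The new text also says "for directories" twice (the added `For directories` opener and again in "To clear these bits for directories with a numeric mode"); the second can be dropped. It would also help to state outright that a plain numeric mode leaves the bits set on a directory, since that is the case a script author is most likely to miss.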
