Bug#576344: coreutils: [chmod] doesn't remove SUID and SGID bits from directories when using octal numbers

Sat, 03 Apr 2010 12:24:51 -0700 

Oh, for the archive I should also point out that this is also
documented in the info pages.  I will include a direct link to the
documentation node.

Bob

  $ info coreutils 'Directory Setuid and Setgid'

26.4 Directories and the Set-User-ID and Set-Group-ID Bits
==========================================================

On most systems, if a directory's set-group-ID bit is set, newly
created subfiles inherit the same group as the directory, and newly
created subdirectories inherit the set-group-ID bit of the parent
directory.  On a few systems, a directory's set-user-ID bit has a
similar effect on the ownership of new subfiles and the set-user-ID
bits of new subdirectories.  These mechanisms let users share files
more easily, by lessening the need to use `chmod' or `chown' to share
new files.

   These convenience mechanisms rely on the set-user-ID and set-group-ID
bits of directories.  If commands like `chmod' and `mkdir' routinely
cleared these bits on directories, the mechanisms would be less
convenient and it would be harder to share files.  Therefore, a command
like `chmod' does not affect the set-user-ID or set-group-ID bits of a
directory unless the user specifically mentions them in a symbolic
mode, or sets them in a numeric mode.  For example, on systems that
support set-group-ID inheritance:

     # These commands leave the set-user-ID and
     # set-group-ID bits of the subdirectories alone,
     # so that they retain their default values.
     mkdir A B C
     chmod 755 A
     chmod 0755 B
     chmod u=rwx,go=rx C
     mkdir -m 755 D
     mkdir -m 0755 E
     mkdir -m u=rwx,go=rx F

   If you want to try to set these bits, you must mention them
explicitly in the symbolic or numeric modes, e.g.:

     # These commands try to set the set-user-ID
     # and set-group-ID bits of the subdirectories.
     mkdir G H
     chmod 6755 G
     chmod u=rwx,go=rx,a+s H
     mkdir -m 6755 I
     mkdir -m u=rwx,go=rx,a+s J

   If you want to try to clear these bits, you must mention them
explicitly in a symbolic mode, e.g.:

     # This command tries to clear the set-user-ID
     # and set-group-ID bits of the directory D.
     chmod a-s D

   This behavior is a GNU extension.  Portable scripts should not rely
on requests to set or clear these bits on directories, as POSIX allows
implementations to ignore these requests.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to