Jan Schaumann <jscha...@netmeister.org> writes:

> Hello,
> The manual page for chown(1) notes:
>     The ownership of a file may only be altered by a super-user for
>     obvious security reasons.
>     Unless invoked by the super-user, chown clears the set-user-id and
>     set-group-id bits on a file to prevent accidental or mischievous
>     creation of set-user-id and set-group-id programs.
> I observe:
> $ ls -l a.out
> -rwsr-xr-x  1 root  wheel  10468 Sep 18 16:59 a.out
> $ sudo chown nobody a.out
> $ ls -l a.out            
> -rwxr-xr-x  1 nobody  wheel  10468 Sep 18 16:59 a.out

The relevant standards permit and actually seem to require this


So it seems that while chown(2) may clear the bits when the invoking
user is root, chown(8) is required to clear them (on regular files).

> Two questions:
> (1) If chowning files is only possible by the super-user ("for obvious
> security reasons"), then why do we bother explicitly noting that "Unless
> invoked by the super-user..." it clears the setuid bits?  Isn't the
> "Unless" clause redundant if chown(1) cannot succeed without super-user
> privs anyway?

Arguably this should perhaps be rephrased to be more
security-model-neutral anyway.
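
The behaviour discussed in this thread can be checked on a given system with the following script. It is an added example, not part of the original messages. It sets the set-user-id bit on a scratch file, runs chown on it, and reports whether the bit survived. The function names are made up for this example, and the new owner is the invoking user, so it needs no privileges.

```shell
#!/bin/sh
# Added example: observe whether chown clears set-user-id / set-group-id.
# Function names are hypothetical; the scratch file is created here.

# mode_string FILE: print the 10-character mode field from ls -ld
mode_string() { ls -ld -- "$1" | cut -c1-10; }

# has_special MODE: succeed if MODE shows set-user-id or set-group-id
has_special() {
  case "$1" in
    ???[sS]*|??????[sS]*) return 0 ;;
  esac
  return 1
}

# chown_report OWNER FILE: run chown, then report what happened to the bits
chown_report() {
  owner=$1 file=$2
  before=$(mode_string "$file")
  chown -- "$owner" "$file" || return 1
  after=$(mode_string "$file")
  if has_special "$before" && [ "$before" != "$after" ]; then
    echo "cleared $before -> $after $file"
  else
    echo "kept $before $file"
  fi
}

# demo: set-user-id scratch file, chown to the invoking user, report
demo() {
  dir=$(mktemp -d) || return 1
  : > "$dir/a.out"
  chmod 4755 "$dir/a.out"
  chown_report "$(id -u)" "$dir/a.out"
  rm -rf "$dir"
}

demo
```

Running it once as an ordinary user and once as root shows whether the platform treats the two cases differently.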
