mv, cp, and sgid on directories (was: cp -p)

[Jonathan McKeown]

I think you may be getting too deep into the detail.

Think of the bigger picture:

when I move a file, I don't expect that to change its ownership or 
permissions - it would surprise me if it did;

when I make a copy of a file, I expect to own the copy - after all, what use 
is a private copy I can't do anything with?

FreeBSD generally tries hard not to behave in a surprising way.

The bit that still worries me in this discussion is the sgid bit (pun not 
intended, but I'm not going to delete it now!): as I understand it, creating 
a file has different behaviour on SYSV-derived systems and Berkeley-derived 
systems.

SYSV creates files group-owned by the creator's primary group.
BSD creates files which inherit the group-ownership of the directory they are 
created in.

SYSV behaviour can be changed to BSD behaviour per-directory, by using the 
sgid bit on the directory.
BSD behaviour can't be changed and the sgid bit on a directory is ignored.

Again, could someone confirm whether I'm talking nonsense here?

Jonathan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: mv, cp, and sgid on directories (was: cp -p)

[Matthew Seaman]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jonathan McKeown wrote:

 The bit that still worries me in this discussion is the sgid bit (pun not 
 intended, but I'm not going to delete it now!): as I understand it, creating 
 a file has different behaviour on SYSV-derived systems and Berkeley-derived 
 systems.
 
 SYSV creates files group-owned by the creator's primary group.
 BSD creates files which inherit the group-ownership of the directory they are 
 created in.
 
 SYSV behaviour can be changed to BSD behaviour per-directory, by using the 
 sgid bit on the directory.
 BSD behaviour can't be changed and the sgid bit on a directory is ignored.
 
 Again, could someone confirm whether I'm talking nonsense here?

That's pretty much correct.  Some SysV-ish systems maintained the concept
of a 'current group' which you could switch your login session to, so
long as you were a member of the group in question and you knew the group
password (if any).  Any files you created would have ownership by your
current UID and GID. That, incidentally, is why there is a password field
in /etc/group at all.  It seems to be pretty much of historical interest
only nowadays -- personally I have never seen a system where group passwords
were ever actually used, and I'm not aware of any utility for manipulating
the passwords in /etc/group.

Anyhow, BSD-ish systems always had a different take on exactly how
group ownership of files and processes should work -- one which didn't
depend on the end user consciously remembering to switch current group
at the appropriate time.

There were various other differences in the way various programs worked in
this area. For instance in early versions of SysV it was possible for a
mortal user to give files away (ie. chown(1) a file they owned to another
user).  Needless to say that was pretty quickly recognised for the
security hole that it is and nowadays anything Unix-like will follow
the POSIX.2 standard where you have to be root to change file ownership.

Cheers,

Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHrZwJ8Mjk52CukIwRCJU5AKCM29geaM6fSjPs8NmTKWbUvhEfrwCeI0+X
FUdibti5cuxquQTDdSETDgA=
=oPMJ
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]