On 03/31/2011 03:01 AM, Christian wrote:
> Why can I only use symbolic modes for clearing ?
>
> ----snip chmod(1) ---
> and you can set (but not clear) the bits with a numeric mode.
> ----snip chmod(1) ---
>
> isn't "chmod 0755 DIR" explicit enough ?

Thanks for the report. However, this is not a bug. POSIX states:

http://pubs.opengroup.org/onlinepubs/9699919799/utilities/chmod.html

"For an octal integer mode operand, the file mode bits shall be set
absolutely.

"For each bit set in the octal number, the corresponding file permission
bit shown in the following table shall be set; all other file permission
bits shall be cleared. For regular files, for each bit set in the octal
number corresponding to the set-user-ID-on-execution or the
set-group-ID-on-execution, bits shown in the following table shall be
set; if these bits are not set in the octal number, they are cleared.
For other file types, it is implementation-defined whether or not
requests to set or clear the set-user-ID-on-execution or
set-group-ID-on-execution bits are honored."

A directory is not a regular file. Therefore, it is
implementation-defined whether the S_ISUID and S_ISGID bits are cleared,
and we have chosen to define that they are not cleared (accidentally
removing the sticky bit of a directory when you only meant to change
access permissions is a security hole).

--
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
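The following sh example is added here and is not part of the original message or of coreutils. It shows what the local chmod(1) does to set-group-ID on a directory under a numeric mode, then applies the mode so that the result is absolute by clearing the bits symbolically. The names `special_bits`, `chmod_exact` and `demo`, and the scratch directory from `mktemp -d`, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# Report which of set-user-ID / set-group-ID are set on PATH, using the
# POSIX test(1) primaries -u and -g. Prints "none" when neither is set.
special_bits() {
    bits=""
    [ -u "$1" ] && bits="setuid"
    [ -g "$1" ] && bits="${bits:+$bits }setgid"
    printf '%s\n' "${bits:-none}"
}

# Apply numeric MODE to DIR, then make the result absolute: whatever the local
# chmod(1) chose to do with S_ISUID/S_ISGID on a directory, clear each one
# symbolically unless MODE asked for it. Assumes MODE is an octal string.
chmod_exact() {
    mode=$1
    dir=$2
    chmod "$mode" "$dir" || return 1
    want=$(( 0$mode ))          # leading 0 forces octal interpretation
    [ $(( want & 04000 )) -ne 0 ] || chmod u-s "$dir" || return 1
    [ $(( want & 02000 )) -ne 0 ] || chmod g-s "$dir" || return 1
}

# Walk through the case from the thread on a constructed scratch directory.
demo() {
    scratch=$(mktemp -d) || return 1
    chmod g+s "$scratch"
    echo "after chmod g+s:        $(special_bits "$scratch")"
    chmod 0755 "$scratch"       # implementation-defined for directories
    echo "after chmod 0755:       $(special_bits "$scratch")"
    chmod_exact 0755 "$scratch"
    echo "after chmod_exact 0755: $(special_bits "$scratch")"
    rmdir "$scratch"
}

demo
```

With a chmod that behaves as the message describes, the second line still reports `setgid`; the third reports `none` on any implementation, because the symbolic clear is explicit.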