GNU bug report logs - #22511
chown: add "--preserve-setuid" option


Package: coreutils

Reported by: William Di Luigi <williamdiluigi <at> gmail.com>

Date: Mon, 1 Feb 2016 03:17:02 UTC

Severity: wishlist

To reply to this bug, email your comments to 22511 AT debbugs.gnu.org.



Report forwarded to bug-coreutils <at> gnu.org:
bug#22511; Package coreutils. (Mon, 01 Feb 2016 03:17:02 GMT)

Acknowledgement sent to William Di Luigi <williamdiluigi <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Mon, 01 Feb 2016 03:17:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: William Di Luigi <williamdiluigi <at> gmail.com>
To: bug-coreutils <at> gnu.org
Subject: [request] Add "--preserve-setuid" to the chown command
Date: Mon, 1 Feb 2016 03:33:29 +0100

Hi,
if I understand it correctly, chown clears the setuid bit for security
reasons (since, when changing the owner or group for a file, you could
potentially be allowing *new people* to run that file as root).

While this is good for security, sometimes you want to be able to
preserve the setuid bit. For example, when packaging software
(https://bbs.archlinux.org/viewtopic.php?pid=1600551)

What do you think about adding a "--preserve-setuid" optional flag?

Regards,
William




Information forwarded to bug-coreutils <at> gnu.org:
bug#22511; Package coreutils. (Mon, 01 Feb 2016 08:21:02 GMT)

Message #8 received at 22511 <at> debbugs.gnu.org:

From: Erik Auerswald <auerswal <at> unix-ag.uni-kl.de>
To: William Di Luigi <williamdiluigi <at> gmail.com>
Cc: 22511 <at> debbugs.gnu.org
Subject: Re: bug#22511: [request] Add "--preserve-setuid" to the chown command
Date: Mon, 1 Feb 2016 09:20:30 +0100

Hi,

On Mon, Feb 01, 2016 at 03:33:29AM +0100, William Di Luigi wrote:
> if I understand it correctly, chown clears the setuid bit for security
> reasons (since, when changing the owner or group for a file, you could
> potentially be allowing *new people* to run that file as root).
> 
> While this is good for security, sometimes you want to be able to
> preserve the setuid bit. For example, when packaging software
> (https://bbs.archlinux.org/viewtopic.php?pid=1600551)

How about using "install" to install files, setting owner and mode bits
in one go?

HTH,
Erik
-- 
Always use the right tool for the job.
                        -- Rob Pike




Information forwarded to bug-coreutils <at> gnu.org:
bug#22511; Package coreutils. (Mon, 01 Feb 2016 09:34:01 GMT)

Message #11 received at 22511 <at> debbugs.gnu.org:

From: William Di Luigi <williamdiluigi <at> gmail.com>
To: Erik Auerswald <auerswal <at> unix-ag.uni-kl.de>
Cc: 22511 <at> debbugs.gnu.org
Subject: Re: bug#22511: [request] Add "--preserve-setuid" to the chown command
Date: Mon, 1 Feb 2016 10:32:43 +0100

On Mon, Feb 1, 2016 at 9:20 AM, Erik Auerswald
<auerswal <at> unix-ag.uni-kl.de> wrote:
> How about using "install" to install files, setting owner and mode bits
> in one go?

Mmm I guess it's just that, since I'm packaging already existing
software, I'd like to patch it as little as possible. In fact, the
Makefile for this software already sets the setuid bit on the file
that needs it. I only need to change the group of that file (and thus
I need to run the chown command on it). However, since chown removes
the setuid bit, I have to "add it back" in the packaging script.

It doesn't make much of a difference, since I can just do chown and
chmod (as I currently do). However, if the proposed flag is
implemented, I can avoid "adding back" the setuid bit and thus I can
simplify the packaging script (well, not by much, I would remove just
2 lines: the chmod line and the bash comment explaining why the chmod
is there).

--
William
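
The two approaches discussed in this thread (chown followed by chmod, and "install" setting group and mode in one go), as an added example that is not part of any message above. The function names are hypothetical, and the code assumes GNU coreutils (stat -c, install -g/-m).

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.
# Assumes GNU coreutils: stat -c '%a', chgrp, chmod, install.

# Change only the group of a regular file, then restore the exact octal
# mode it had before, in case the ownership change cleared setuid/setgid.
# The owner is never changed, so the setuid identity stays the same.
chgrp_keep_mode() {
    ckm_group=$1
    ckm_file=$2
    # Refuse symlinks and non-regular files, so the mode is read from and
    # written back to the same object.
    if [ ! -f "$ckm_file" ] || [ -L "$ckm_file" ]; then
        echo "not a regular file: $ckm_file" >&2
        return 1
    fi
    ckm_before=$(stat -c '%a' "$ckm_file") || return 1
    chgrp -- "$ckm_group" "$ckm_file" || return 1
    ckm_after=$(stat -c '%a' "$ckm_file") || return 1
    # Only touch the mode if the group change actually altered it.
    if [ "$ckm_before" != "$ckm_after" ]; then
        chmod -- "$ckm_before" "$ckm_file" || return 1
    fi
}

# The "install" alternative: copy SRC to DST, setting group and mode in a
# single command, with the mode stated explicitly rather than inherited.
install_with_mode() {
    iwm_src=$1
    iwm_dst=$2
    iwm_group=$3
    iwm_mode=$4
    install -g "$iwm_group" -m "$iwm_mode" -- "$iwm_src" "$iwm_dst"
}
```

In a packaging script the mode passed to install_with_mode is written out in full (for example 4755), which keeps the setuid decision visible in the script.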




Severity set to 'wishlist' from 'normal' Request was from Assaf Gordon <assafgordon <at> gmail.com> to control <at> debbugs.gnu.org. (Thu, 25 Oct 2018 15:30:02 GMT)

Changed bug title to 'chown: add "--preserve-setuid" option' from '[request] Add "--preserve-setuid" to the chown command' Request was from Assaf Gordon <assafgordon <at> gmail.com> to control <at> debbugs.gnu.org. (Thu, 25 Oct 2018 15:30:02 GMT)

This bug report was last modified 6 years and 235 days ago.
