GNU bug report logs -
#8391
chmod setuid & setguid bits
Reported by: Christian <chris <at> computersalat.de>
Date: Thu, 31 Mar 2011 16:48:04 UTC
Severity: normal
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Hi,
On Thu, Mar 31, 2011 at 11:54:26AM -0700, Paul Eggert wrote:
> On 03/31/2011 11:25 AM, Christian wrote:
> > and using "0755" is explicit enough, isn't it ?
>
> Unfortunately it's not that simple, as having 0755 mean
> something different from 755 would violate the principle
> of least surprise.
I am very surprised that explicitly specifying 0 for SUID, SGID, sticky is
silently ignored.
> Please see the thread starting at
> <http://lists.gnu.org/archive/html/bug-coreutils/2006-07/msg00124.html>.
Quoting from that message:
> set-user-ID and set-group-ID bits instead of clearing them. If
> you want to clear the bits you can mention them explicitly, e.g.,
> `chmod 0755 DIR' and `chmod a-s,u=rwx,go=rx DIR'.
   ^^^^^^^^^^^^^^
How could one be more explicit?
Paul Eggert seemed to agree:
<http://lists.gnu.org/archive/html/bug-coreutils/2006-07/msg00125.html>
> However, I would argue that this is more confusing than
> what we've got right now, since "chmod 0755 DIR" clearly requests to
> clear the setgid bit.
Jim Meyering disagreed:
<http://lists.gnu.org/archive/html/bug-coreutils/2006-07/msg00128.html>
> Treating that leading '0' as significant violates the principle of
> least surprise. Not to say that everyone who uses chmod(1) even knows
> what an octal number is, but enough of us are used to that leading zero
> being insignificant that I think it should remain negligible.
> [...]
> To me, it's not a clear request to clear the setgid bit.
Eric Blake suggested a weird looking (to me anyway ;) solution:
<http://lists.gnu.org/archive/html/bug-coreutils/2006-07/msg00130.html>
> Should we document "chmod 00500 dir" as an explicit way to clear the
> bit, or just require a textual mode string?
Furthermore, it was found that vendors' implementations of chmod surprise
in different ways.
I'd suggest adding a warning if chmod (and possibly other utils) encounter
an octal mode number with leading 0, as that might mean 'octal' or 'zero'.
I'd definitely prefer interpreting the leading 0 as a zero for the
SUID/SGID/sticky bits, but coreutils' viewpoint obviously differs...
Regards,
Erik
--
If you don't know what you are doing, advance designs will not help.
-- Eric Allman
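
One way for a script to stop depending on how a given chmod treats the leading zero, as an added example that is not part of the original message or of coreutils: apply the numeric mode, then check whether set-user-ID and set-group-ID on the directory match what the mode's high digit asked for, and clear survivors with symbolic operators. The function names (`mode_string`, `apply_mode_exact`) and the scratch directory are hypothetical; only setuid and setgid are checked.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# mode_string PATH: type and permission field from ls, e.g. drwxr-sr-x
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# apply_mode_exact DIR OCTAL_MODE
# Apply a numeric mode, then verify that setuid/setgid on DIR match the
# mode's high digit. Bits the mode did not request but that survived the
# numeric chmod are cleared with symbolic operators, which are unambiguous.
apply_mode_exact() {
    ame_dir=$1
    ame_mode=$2
    case $ame_mode in
        ''|*[!0-7]*) echo "not an octal mode: $ame_mode" >&2; return 2 ;;
    esac
    ame_bits=$(( 0$ame_mode ))   # leading 0 makes the shell read it as octal
    chmod "$ame_mode" "$ame_dir" || return 1
    if [ $(( ame_bits & 04000 )) -eq 0 ] && [ -u "$ame_dir" ]; then
        echo "setuid survived chmod $ame_mode on $ame_dir; clearing" >&2
        chmod u-s "$ame_dir" || return 1
    fi
    if [ $(( ame_bits & 02000 )) -eq 0 ] && [ -g "$ame_dir" ]; then
        echo "setgid survived chmod $ame_mode on $ame_dir; clearing" >&2
        chmod g-s "$ame_dir" || return 1
    fi
    return 0
}

# Demo on a constructed scratch directory.
demo_root=$(mktemp -d) || exit 1
mkdir "$demo_root/shared"
chmod g+s "$demo_root/shared"
echo "before: $(mode_string "$demo_root/shared")"
apply_mode_exact "$demo_root/shared" 0755
echo "after:  $(mode_string "$demo_root/shared")"
rm -rf "$demo_root"
```

A message on stderr from `apply_mode_exact` means the local chmod kept a bit that the numeric mode did not request.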
This bug report was last modified 13 years and 80 days ago.