>From 4647a343f5e6c903495fa01a50743af5015552a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= Date: Mon, 5 Mar 2012 14:43:39 +0100 Subject: [PATCH] chmod: Clear special bits for octal modes with 5+ digits or preceeded by @. * NEWS: Mention the changes. * doc/perm.texi (Directory Setuid and Setgid) : Document changes. * tests/chmod/setuid : Check the new behaviour by test. Suggested by Eric Blake. --- NEWS | 4 ++++ doc/perm.texi | 26 +++++++++++++++++++++++--- tests/chmod/setgid | 24 ++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 8006669..c0657e2 100644 --- a/NEWS +++ b/NEWS @@ -16,6 +16,10 @@ GNU coreutils NEWS -*- outline -*- split now accepts the --additional-suffix option, to append an additional static suffix to output file names. + chmod, mkdir, install now accept new style of octal mode specification. + When octal mode is preceeded by @ or is 5+ digits long with leading zeros, + it can clear the set user id and set group id bits on directories. + ** Bug fixes mv now lets you move a symlink onto a same-inode destination file that diff --git a/doc/perm.texi b/doc/perm.texi index 84f8500..d1469a9 100644 --- a/doc/perm.texi +++ b/doc/perm.texi @@ -495,7 +495,10 @@ alternative to giving a symbolic mode, you can give an octal (base 8) number that represents the mode. This number is always interpreted in octal; you do not have to add a leading @samp{0}, as you do in C. Mode @samp{0055} is the same as -mode @samp{55}. +mode @samp{55}. However, adding leading zeros to create octal number with +at least 5 digits means that this mode is taken explicitly - so could +clear even the set-user-ID and set-group-ID bits of directories. The +same could be enforced by preceeding the numeric mode by "@@" character. A numeric mode is usually shorter than the corresponding symbolic mode, but it is limited in that normally it cannot take into account the 
@@ -559,8 +562,11 @@ bits of directories. If commands like @command{chmod} and mechanisms would be less convenient and it would be harder to share files. Therefore, a command like @command{chmod} does not affect the set-user-ID or set-group-ID bits of a directory unless the user -specifically mentions them in a symbolic mode, or sets them in -a numeric mode. For example, on systems that support +specifically mentions them in a symbolic mode, explicitly enforces the +mode by using "@@" character before numeric mode or by at least 5 digits +long octal mode,or when sets them in a numeric mode. + +For example, on systems that support set-group-ID inheritance: @example @@ -598,6 +604,20 @@ explicitly in a symbolic mode, e.g.: chmod a-s D @end example +If you want force the chmod to change directory mode to exact numeric mode +(clear the special bits), you could use at least 5 digit octal mode +or preceed the mode with "@@" character, e.g.: + address@hidden +# These commands try to clear the set-user-ID +# and set-group-ID bits of directories D and E and set +# their permissions to 0755. +mkdir D E +chmod 6755 D E +chmod 00755 D +chmod @@755 E address@hidden example + This behavior is a @acronym{GNU} extension. Portable scripts should not rely on requests to set or clear these bits on directories, as @acronym{POSIX} allows implementations to ignore these requests. diff --git a/tests/chmod/setgid b/tests/chmod/setgid index eaa9351..6db6794 100755 --- a/tests/chmod/setgid +++ b/tests/chmod/setgid 
@@ -45,4 +45,28 @@ chmod 755 d case `ls -ld d` in drwxr-sr-x*);; *) fail=1;; esac +# make sure that it doesn't clear the special bits for 4 digit octal mode +chmod 0755 d +case `ls -ld d` in drwxr-sr-x*);; *) fail=1;; esac + +# make sure that it doesn't clear the special bits for 4 digit octal mode +# with two leading zeros +chmod 0055 d +case `ls -ld d` in d---r-sr-x*);; *) fail=1;; esac + +# make sure that it clears the special bits for 5 digit octal mode with +# leading zero +chmod 00755 d +case `ls -ld d` in drwxr-xr-x*);; *) fail=1;; esac + +# make sure that it clears the special bits even for more leading zeros +# octal digits +chmod 00000755 d +case `ls -ld d` in drwxr-xr-x*);; *) fail=1;; esac + +# make sure that it clears the special bits even for exact mode(@) +chmod @755 d +case `ls -ld d` in drwxr-xr-x*);; *) fail=1;; esac + + Exit $fail -- 1.7.1
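Review bot: The last two checks, `chmod 00000755 d` and `chmod @755 d`, cannot fail for the reason they are meant to catch, because the preceding `chmod 00755 d` has already cleared the set-group-ID bit and an ordinary `chmod 755` would leave `drwxr-xr-x` as well. Re-arm the bit before each of them, e.g. add `chmod g+s d` on the line before `chmod 00000755 d` and again before `chmod @755 d`, so that a regression which leaves setgid on the directory is actually detected. The hunk also exercises only set-group-ID through chmod; the set-user-ID bit and the mkdir/install paths named in NEWS are not covered here, and the commit message refers to tests/chmod/setuid while the patched file is tests/chmod/setgid. The test's setup lies above the hunk, so the initial state of `d` is inferred from the context lines only.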