chgrp resets the setuid and getgid bits
Markku Kolkka
markkuk at tuubi.net
Tue Jul 25 11:43:17 UTC 2006
Ben Stringer kirjoitti viestissään (lähetysaika tiistai, 25.
heinäkuuta 2006 12:44):
> I observed this today on an RHEL4 system, and it applies to
> Fedora also. I don't understand why this occurs - is it a
> security feature?
It behaves as defined in the Single Unix Specification:
http://www.opengroup.org/onlinepubs/009695399/utilities/chgrp.html
"Unless chgrp is invoked by a process with appropriate
privileges, the set-user-ID and set-group-ID bits of a regular
file shall be cleared upon successful completion; the
set-user-ID and set-group-ID bits of other file types may be
cleared."
The reason is explained in the documentation of the chown()
system call:
http://www.opengroup.org/onlinepubs/009695399/functions/chown.html
"The POSIX.1-1990 standard requires that the chown() function
invoked by a non-appropriate privileged process clear the
S_ISGID and the S_ISUID bits for regular files, and permits them
to be cleared for other types of files. This is so that changes
in accessibility do not accidentally cause files to become
security holes."
--
Markku Kolkka
markku.kolkka at iki.fi
More information about the fedora-list
mailing list