Right, the new behavior is intended to exactly match SunOS/Solaris and
should be more consistent with the rest of UNIX in general. The old
behavior was highly nonstandard and made group-controlled permissions on
directories (e.g. with CVS) rather impractical (and for that matter didn't
even match its own comments or man page).

I consulted POSIX and UNIX98 as well, but they did not have anything to say
about root doing chown and chgrp, so I went for "standard UNIX practice".

I'm also skeptical there is any compelling security reason to drop setuid
when root is doing a chown/chgrp; if root can chown it, root can just as
well chmod it again afterwards. Also, if root chowning causes bits in
permissions to be cleared, it can result in some utilities not preserving
permissions as expected when doing copies and restores (depending on the
order the utility does the chown and chmod in).

Paraphrasing from POSIX.1/UNIX98 by Andrew Josey of TOG:
> Unless chown() is invoked by a process with appropriate privileges,
> the set-user-ID and set-group-ID bits of a regular file will be cleared
> upon successful completion; the set-user-ID and set-group-ID bits of
> other file types may be cleared. If the process has appropriate
> privileges it is implementation defined whether the bits are cleared.
>
> The specification only defines the behavior for regular files, and
> intentionally says it "may be cleared" on other file types to allow
> implementations to use these bits in other ways for directories and
> other files. For example on many systems (at least SVR4) doing a chmod
> g+s on a directory causes files to be created in that directory to take
> on the group ownership of the directory.

Anyone care to check behavior on *BSD, Digital/Compaq UNIX, HP/UX,
UnixWare, AIX, etc.? Don't forget, directories are treated differently from
files and sgid bits may be treated differently from suid bits.

--- David C Niemi ---niemi at tux.org--- Reston, Virginia, USA ---
But only the man who cares about something in itself, who loves
it and does it *con amore*, will do it in all seriousness. The
highest achievement has always been that of such men, and not of
the hacks who serve for pay. -- Arthur Schopenhauer
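
Added example, not part of the original message or of any kernel source: a small C probe for the behavior the message asks people to check, plus the chown-then-chmod restore order that keeps permissions intact whether or not chown() clears bits. The function names and the /tmp/chownprobeXXXXXX template are assumptions made for this example; run it once unprivileged and once as root to compare.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700            /* for mkstemp()/mkdtemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a scratch file or directory from a mkstemp-style template. */
int scratch(char *path, int is_dir)
{
    int fd;
    if (is_dir) return mkdtemp(path) ? 0 : -1;
    if ((fd = mkstemp(path)) < 0) return -1;
    return close(fd);
}

/* Restore order that survives a bit-clearing chown(): owner first, mode last.
 * Returns the resulting permission bits, or -1 on error. */
long restore_meta(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;
    if (chown(path, uid, gid) || chmod(path, mode) || stat(path, &st))
        return -1;
    return (long)(st.st_mode & 07777);
}

/* Set both set-ID bits on a scratch object, chown() it to the owner and
 * group it already has, and return the set-ID bits that chown() cleared
 * (0 means none were cleared), or -1 on error. */
long chown_cleared_bits(int is_dir)
{
    char path[] = "/tmp/chownprobeXXXXXX";   /* constructed scratch name */
    struct stat before, after;
    long rc = -1;

    if (scratch(path, is_dir) != 0) return -1;
    /* "before" is read back after chmod(): a kernel may not grant S_ISGID. */
    if (chmod(path, 06755) == 0 && stat(path, &before) == 0 &&
        chown(path, before.st_uid, before.st_gid) == 0 &&
        stat(path, &after) == 0)
        rc = (long)(before.st_mode & ~after.st_mode & (S_ISUID | S_ISGID));
    if (is_dir) rmdir(path); else unlink(path);
    return rc;
}

int main(void)
{
    long f = chown_cleared_bits(0), d = chown_cleared_bits(1);
    if (f < 0 || d < 0) { perror("probe"); return 1; }
    printf("regular file: chown() cleared %04lo\n", (unsigned long)f);
    printf("directory:    chown() cleared %04lo\n", (unsigned long)d);
    return 0;
}
```

A result of 6000 means both bits were dropped, 4000 only setuid, 2000 only setgid, 0000 neither.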