chmod always unsets setgid bit on directories if I'm not in a group

3

1

Here's the scenario: I'm using Ubuntu Linux (12.10, if it matters), and I've got a directory whose permissions are thus:

drwxrws--- paul www-data    myfolder/

You can see the setgid bit is set. If I change any permissions on this folder (e.g., chmod o+x myfolder) it unsets the setgid bit.

According to chmod's manpage:

chmod preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.

Elsewhere, it says that it unsets the setgid bit if the file's group doesn't match the user's effective group ID, but only on regular files (i.e., not folders). So, because my group is paul rather than www-data, I'd expect the above to happen if myfolder/ were a regular file, but it ain't -- it's a directory.

So either I'm understanding the manual wrong, or chmod is not obeying its own instructions. Does anyone know which?

Paul d'Aoust

Posted 2012-12-05T01:10:33.443

Reputation: 131

Answers

0

It is explained in the same section you already quoted from the manpage of chmod:

SETUID AND SETGID BITS

[...]

This behavior depends on the policy and functionality of the underlying chmod system call. When in doubt, check the underlying system behavior.

When tracing chmod, it tries to set the setgid bit, but the underlying chmod() system call ignores it.

fchmodat(AT_FDCWD, "b", 02755)          = 0

As you see, S_ISGID (02000) is set by the chmod command but not by the chmod() [here: fchmodat()] system call:

drwxr-xr-x 2 me notmygrp 16 Mar 19 12:37 b

So the removal of the setgid bit is also true for directories if you are not a member of the group.

mariux

Posted 2012-12-05T01:10:33.443

Reputation: 135
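
The behaviour seen in the trace above, as an added example that is not part of the original post or of chmod itself: on Linux, chmod(2) silently drops S_ISGID when the caller is neither in the file's group nor holds CAP_FSETID, for directories as well as regular files. The function names are hypothetical, and the code assumes that euid 0 stands in for CAP_FSETID and that the effective GID equals the filesystem GID the kernel actually compares.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure form of the rule: the bit survives only if the caller is in the
 * file's group (primary or supplementary) or holds CAP_FSETID. */
int setgid_would_be_stripped(gid_t file_gid, gid_t egid, const gid_t *groups,
                             int ngroups, int has_cap_fsetid)
{
    if (has_cap_fsetid || file_gid == egid)
        return 0;
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == file_gid)
            return 0;
    return 1;
}

/* Apply the rule to a real path for the current process.
 * Returns 1 (chmod would clear setgid), 0 (would keep it), -1 on error.
 * Assumption: euid 0 is treated as holding CAP_FSETID. */
int check_path(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    int n = getgroups(0, NULL);          /* ask for the group count first */
    if (n < 0)
        return -1;
    gid_t *groups = calloc((size_t)n + 1, sizeof *groups);
    if (!groups || getgroups(n, groups) < 0) {
        free(groups);
        return -1;
    }
    int r = setgid_would_be_stripped(st.st_gid, getegid(), groups, n,
                                     geteuid() == 0);
    free(groups);
    return r;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : ".";
    int r = check_path(path);
    if (r < 0) { perror(path); return 2; }
    printf("%s: chmod would %s the setgid bit\n", path, r ? "clear" : "keep");
    return r;
}
```

Run against a directory like the one in the question (owner paul, group www-data, caller not in www-data), it reports that the bit would be cleared; adding the user to the group and logging in again changes the result.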