Disabling the setgid bit with chmod's numeric mode

1

I just noticed an interesting behavior with chmod when disabling the setgid bit:

$ mkdir test
$ chmod 2755 test
$ stat -c '%a %n' test
2755 test  # as expected
$ chmod 0755 test
$ stat -c '%a %n' test
2755 test  # what? see below
$ chmod 00755 test
$ stat -c '%a %n' test
755 test  # double what?!

Attempting to unset the setgid bit with chmod 0755 doesn't work, which is surprising. However, the man page indicates that this is the intended behavior:

SETUID AND SETGID BITS

chmod clears the set-group-ID bit of a regular file if the file's group ID does not match the user's effective group ID or one of the user's supplementary group IDs, unless the user has appropriate privileges. Additional restrictions may cause the set-user-ID and set-group-ID bits of MODE or RFILE to be ignored. This behavior depends on the policy and functionality of the underlying chmod system call. When in doubt, check the underlying system behavior.

chmod preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise. You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the bits with a numeric mode.

(emphasis added)

So it seems that chmod 0755 is not meant to unset the setgid bit. Why, then, does chmod 00755 unset it? chmod seems to have no use for five digits of a numeric mode. Once again from the man page:

A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. Omitted digits are assumed to be leading zeroes.

(emphasis added)

What is going on here? Why does chmod decide to ignore a single leading 0? Why doesn't it ignore two leading 0s?

(Debian Stretch 9.1, with chmod (GNU Coreutils) 8.6)

    
by Scott Colby 21.09.2017 / 01:27

2 answers

2

I found it! This information is missing from the man page, but it is in the online Coreutils manual. Namely:

On most systems, if a directory’s set-group-ID bit is set, newly created subfiles inherit the same group as the directory, and newly created subdirectories inherit the set-group-ID bit of the parent directory. On a few systems, a directory’s set-user-ID bit has a similar effect on the ownership of new subfiles and the set-user-ID bits of new subdirectories. These mechanisms let users share files more easily, by lessening the need to use chmod or chown to share new files.

These convenience mechanisms rely on the set-user-ID and set-group-ID bits of directories. If commands like chmod and mkdir routinely cleared these bits on directories, the mechanisms would be less convenient and it would be harder to share files. Therefore, a command like chmod does not affect the set-user-ID or set-group-ID bits of a directory unless the user specifically mentions them in a symbolic mode, or uses an operator numeric mode such as ‘=755’, or sets them in a numeric mode, or clears them in a numeric mode that has five or more octal digits.

Reference: link

    
by 21.09.2017 / 01:49
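
The forms named in the manual excerpt above, compared side by side on a setgid directory. This is an added example, not part of the original posts; it assumes GNU coreutils chmod and stat, and the helper names mode_after and set_exact_mode are hypothetical.

```shell
#!/bin/sh
# Added example; assumes GNU coreutils chmod/stat as in the question.
# Helper names are hypothetical and not part of any tool.

# mode_after SPEC: create a scratch directory with mode 2755, run
# "chmod SPEC" on it, and print the resulting octal mode.
mode_after() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/d" && chmod 2755 "$tmp/d" && chmod "$1" "$tmp/d" || {
        rm -rf "$tmp"
        return 1
    }
    stat -c '%a' "$tmp/d"
    rm -rf "$tmp"
}

# set_exact_mode PATH MODE: set PATH to exactly MODE (octal digits).
# setuid/setgid are cleared with a symbolic mode first, so the result
# does not depend on how many digits MODE has; MODE may still set them.
# Returns non-zero if the mode read back differs from MODE.
set_exact_mode() {
    chmod u-s,g-s "$1" && chmod "$2" "$1" || return 1
    want=$(printf '%o' "0$2")   # normalise, e.g. 0755 -> 755
    [ "$(stat -c '%a' "$1")" = "$want" ]
}

# Print what each form leaves behind on a directory that started at 2755.
for spec in 0755 00755 =755 g-s; do
    printf '%-6s -> %s\n' "$spec" "$(mode_after "$spec")"
done
```

A provisioning or hardening script that must drop setgid from a directory can call set_exact_mode and check its exit status instead of trusting a four-digit numeric mode.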
0

Maybe it's a bug in chmod on Debian Stretch 9.1? It works as it should on Ubuntu 12.04, Ubuntu 16.04.3, CentOS 6.9 and CentOS 7.4.

    
by 21.09.2017 / 01:35