LinuxQuestions.org
Old 07-06-2011, 08:13 AM   #1
orko
Member
 
Registered: Nov 2003
Location: Chittagong, Bangladesh
Distribution: RHEL 5
Posts: 63

Rep: Reputation: 19
confusion on SGID and Sticky bit in RHEL6


I'm a bit confused when removing the SGID and sticky bit on a folder in RHEL6 using the numeric method. Please consider the following commands:

With the command "chmod 0775 /test" all special permissions on the folder /test should be removed, but it's not working at all.

[root@station22 ~]# chmod 1775 /test
[root@station22 ~]# stat /test
File: `/test'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 808h/2056d Inode: 394830 Links: 3
Access: (1775/drwxrwxr-t) Uid: ( 0/ root) Gid: ( 504/ rhce)
Access: 2011-07-06 23:29:40.852197810 +0600
Modify: 2011-07-07 00:04:53.685697270 +0600
Change: 2011-07-07 00:05:42.366818059 +0600
[root@station22 ~]# chmod 2775 /test
[root@station22 ~]# !stat
stat /test
File: `/test'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 808h/2056d Inode: 394830 Links: 3
Access: (2775/drwxrwsr-x) Uid: ( 0/ root) Gid: ( 504/ rhce)
Access: 2011-07-06 23:29:40.852197810 +0600
Modify: 2011-07-07 00:04:53.685697270 +0600
Change: 2011-07-07 00:05:58.874818476 +0600
[root@station22 ~]# chmod 1775 /test
[root@station22 ~]# !stat
stat /test
File: `/test'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 808h/2056d Inode: 394830 Links: 3
Access: (3775/drwxrwsr-t) Uid: ( 0/ root) Gid: ( 504/ rhce)
Access: 2011-07-06 23:29:40.852197810 +0600
Modify: 2011-07-07 00:04:53.685697270 +0600
Change: 2011-07-07 00:06:12.691694970 +0600
[root@station22 ~]# chmod 0775 /test
[root@station22 ~]# !stat
stat /test
File: `/test'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 808h/2056d Inode: 394830 Links: 3
Access: (2775/drwxrwsr-x) Uid: ( 0/ root) Gid: ( 504/ rhce)
Access: 2011-07-06 23:29:40.852197810 +0600
Modify: 2011-07-07 00:04:53.685697270 +0600
Change: 2011-07-07 00:06:23.552693385 +0600
 
Old 07-06-2011, 09:06 AM   #2
Nominal Animal
Senior Member
 
Registered: Dec 2010
Location: Finland
Distribution: Xubuntu, CentOS, LFS
Posts: 1,723
Blog Entries: 3

Rep: Reputation: 946
man chmod:
Quote:
chmod preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise. You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the bits with a numeric mode.
In other words, chmod 0775 /test will not remove set-user-ID or set-group-ID bits from directory /test; use e.g. chmod a-st,u=rwx,g=rwx,o=rx /test for that instead. (a-st alone will remove set-user-ID, set-group-ID, and sticky bit, leaving the user, group, and access mode intact.)
 
Old 07-06-2011, 09:22 AM   #3
orko
Member
 
Registered: Nov 2003
Location: Chittagong, Bangladesh
Distribution: RHEL 5
Posts: 63

Original Poster
Rep: Reputation: 19
Ya. Bit clear is working with the symbolic method, but in RHEL5 it was working in the numeric method too. 0755 made all bits clear in RHEL5. So this is a new feature(?!) in RHEL6?? Can anyone say why??
 
Old 07-06-2011, 11:50 PM   #4
Nominal Animal
Senior Member
 
Registered: Dec 2010
Location: Finland
Distribution: Xubuntu, CentOS, LFS
Posts: 1,723
Blog Entries: 3

Rep: Reputation: 946
In July 2006, the coreutils developers found that the behaviour of chmod differs between various systems (Solaris 10 and OpenBSD 3.9, for example). Since the sticky, set-user-ID, and set-group-ID bits on a directory are special, and should not be accidentally *removed* by a user, they decided to change the behaviour of the coreutils chmod command.

Red Hat didn't pick up the change until RHEL 6, I think.

See for example this discussion thread on the bug-coreutils mailing list.

I personally use the set-group-ID bit on directories extensively on servers, to allow administrator access control via local groups (and not user accounts at all). (The set-group-ID makes new files and directories inherit the group from the directory, and not from the user.) I recommend it warmly, it has worked very, very well for the last few years. I do need to check now and then if some user has accidentally unset the set-group-ID bit on some directory, because that will obviously break things.

Therefore, I think this chmod behaviour change is very beneficial. A chmod 0755 dir or chmod g=rwx dir command will no longer remove the set-group-ID bit. This eliminates the typical error that breaks group-based access control. (Actually, after this change in chmod behaviour, I do think it will only break by a deliberate attempt, and not by innocent accident anymore.)
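
The behaviour discussed in this thread, as an added example that is not part of any post above: a shell sketch showing numeric chmod keeping set-group-ID on a directory, the symbolic mode that clears it, and an audit and repair pass for directories that have lost the bit. It assumes GNU coreutils chmod and stat on Linux; the function names and the temporary directory layout are made up for illustration.

```shell
#!/bin/sh
# Added example: assumes GNU coreutils chmod/stat and find on Linux.
# All paths are constructed under a throwaway mktemp directory.

mode() { stat -c '%a' "$1"; }          # octal mode, e.g. 2775

# List directories under $1 that are missing the set-group-ID bit.
audit_sgid() { find "$1" -type d ! -perm -2000 | sort; }

# Restore set-group-ID on every directory under $1 that lacks it.
repair_sgid() { find "$1" -type d ! -perm -2000 -exec chmod g+s {} +; }

# Clear setuid, setgid and sticky with a symbolic mode, keep the rwx bits.
clear_special() { chmod a-st "$1"; }

demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/shared/a" "$root/shared/b"
    chmod 2775 "$root/shared" "$root/shared/a" "$root/shared/b"

    chmod 0775 "$root/shared/a"         # numeric: GNU chmod keeps setgid
    echo "after chmod 0775: $(mode "$root/shared/a")"

    chmod 1775 "$root/shared/a"         # adds sticky on top of the kept setgid
    echo "after chmod 1775: $(mode "$root/shared/a")"

    clear_special "$root/shared/b"      # symbolic: actually clears the bits
    echo "after chmod a-st: $(mode "$root/shared/b")"

    echo "directories missing setgid:"
    audit_sgid "$root/shared"

    repair_sgid "$root/shared"
    echo "missing after repair: $(audit_sgid "$root/shared" | wc -l)"
    rm -rf "$root"
}

demo
```

Run from cron against a shared tree, `audit_sgid` gives the periodic check described in post #4 without changing anything; `repair_sgid` is the separate corrective step.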
 
  

