I was just reading about the effect of Set-user-Id and Set-group-Id bits
on file creation, as they seem like they would be useful for me.
Unfortunately, most of the documentation I have managed to find is
related to GNU systems, and this could easily be different in OpenBSD.
https://www.gnu.org/software/coreutils/manual/html_node/Directory-Setuid-and-Setgid.html
It appears that they have no effect on file creation. Rather, they a
only "on execution", as specified in the manual.
https://man.openbsd.org/chmod
FreeBSD similarly seems to ignore these settings.
https://www.freebsd.org/doc/handbook/permissions.html
Perhaps this is why there is only GNU documentation on this feature;
it seems that it does not exist in OpenBSD. Am I correct in my
conclusion that files created in OpenBSD are always owned by the creator
and group-owned by the directory's group? That is, a GNU system would
mimic this behaviour when u-s,g+s (6000) is set on the directory?
Suppose, for example, I run this as root.
mkdir /test
chown root:wheel /test
chmod a+rwx,u-s,g-s /test
And then this as tlevine
touch /test/a
This is the result.
$ ls -lhd /test{,/a}
drwxrwxrwx 2 root wheel 512B Jul 1 12:46 /test
-rw-r--r-- 1 tlevine wheel 0B Jul 1 12:46 /test/a
I repeat the process, except that I set the user and group id this time. As root,
rm -R /test
mkdir /test
chown root:wheel /test
chmod a+rwx,u-s,g-s /test
As tlevine,
touch /test/a
The resulting /test/a has the same owner and group as before.
$ ls -lhd /test{,/a}
drwsrwsrwx 2 root wheel 512B Jul 1 12:48 /test
-rw-r--r-- 1 tlevine wheel 0B Jul 1 12:48 /test/a
Very conveniently for me, this behaviour (u-s,g+s in GNU) is the mode
that I want. Perhaps this is by design.
No comments:
Post a Comment