yesthattom | Today's Unix Trivia

You're viewing

yesthattom's journal
Create a Dreamwidth Account Learn More

Reload page in style: site light

If you write to a file that is SUID or SGID, the SUID / SGID bits on the file are removed as a security precaution against tampering (unless uid 0 is doing the writing).

(See FreeBSD 5.4 source code, sys/ufs/ffs/ffs_vnops.c:739)

Flat | Top-Level Comments Only

From:

rainbear.livejournal.com

Hmm. That explains why that kept happening at Lumeta with the SGID files we had...

From:

rowan-redbeard.livejournal.com

And on Solaris, you can not set the SGID bit on a directory with absolute modes with standard chmod(1). You have to use symbolic modes or the GNU equivalent. I just learned that last week.

From:

yesthattom.livejournal.com

I think all Unix systems require symbolic modes for SGID and SUID.

From:

rowan-redbeard.livejournal.com

Actually, we poked around and found that Solaris is the only one that does. It's particular to directories and the SGID bit, and the result is that (e.g.) "chmod 2775 " doesn't do the expected -- the "2" is ignored. Apparently FreeBSD, HPUX, and Linux all do the expected thing, but Solaris (every version we found) doesn't. This is documented in the Solaris chmod(1) man page. If you use the GNU chmod program instead, it does pay attention to the SGID bit.