Comments on: SGID Bug http://pthree.org/2008/01/30/sgid-bug/ Linux. GNU. Freedom. Thu, 04 Dec 2008 00:44:07 +0000 http://wordpress.org/?v=2.7-RC1-10015 hourly 1 By: Josh http://pthree.org/2008/01/30/sgid-bug/#comment-106541 Josh Mon, 18 Aug 2008 14:40:43 +0000 http://pthree.org/2008/01/30/sgid-bug/#comment-106541 Sorry to bump an old-ish thread, but I ran into this exact same issue. I created a directory, created a new group with the users I wanted to be able to access the directory, set the permissions to 770 on the directory, then tried to chmod g+s the directory and got no error. I'm actually part of the group in question, but it still wouldn't let me do it. I think the bottom line on the "bug vs not bug" conversation is this: You ran the command to set the sgid permission to g+s. Expected behavior is that when you ls -a, you see s (or S if you don't have +x) in the "group execute" / "sgid" column of the file permissions. That, or you get an "operation not permitted" error just like if you try to change a permission to something you don't own. Just because a bug is documented doesn't mean it's not still a bug. Case in point: The Microsoft Knowledge Base. Sorry to bump an old-ish thread, but I ran into this exact same issue. I created a directory, created a new group with the users I wanted to be able to access the directory, set the permissions to 770 on the directory, then tried to chmod g+s the directory and got no error. I’m actually part of the group in question, but it still wouldn’t let me do it.

I think the bottom line on the “bug vs not bug” conversation is this:
You ran the command to set the sgid permission to g+s. Expected behavior is that when you ls -a, you see s (or S if you don’t have +x) in the “group execute” / “sgid” column of the file permissions. That, or you get an “operation not permitted” error just like if you try to change a permission to something you don’t own.

Just because a bug is documented doesn’t mean it’s not still a bug. Case in point: The Microsoft Knowledge Base.

]]> By: Aaron http://pthree.org/2008/01/30/sgid-bug/#comment-90288 Aaron Thu, 31 Jan 2008 14:00:42 +0000 http://pthree.org/2008/01/30/sgid-bug/#comment-90288 @ThaddeusQ- Regardless of how remote the documentation is, if it exists, it's not a bug any longer? Don't you find that a little absurd? Also, couldn't it be argued that this is unexpected behavior? Certainly, the user who discovers this will be wondering what's going on, and call me crazy, but I doubt they'll pull up the dev man pages to figure it out. @ThaddeusQ- Regardless of how remote the documentation is, if it exists, it’s not a bug any longer? Don’t you find that a little absurd? Also, couldn’t it be argued that this is unexpected behavior? Certainly, the user who discovers this will be wondering what’s going on, and call me crazy, but I doubt they’ll pull up the dev man pages to figure it out.

]]> By: . http://pthree.org/2008/01/30/sgid-bug/#comment-90223 . Wed, 30 Jan 2008 19:02:53 +0000 http://pthree.org/2008/01/30/sgid-bug/#comment-90223 A document bug is not a bug anymore, it's a feature =). A document bug is not a bug anymore, it’s a feature =).

]]> By: ThaddeusQ http://pthree.org/2008/01/30/sgid-bug/#comment-90218 ThaddeusQ Wed, 30 Jan 2008 18:05:50 +0000 http://pthree.org/2008/01/30/sgid-bug/#comment-90218 A bug is when something happens that is not expected behavior. This is expected behavior as evidenced by the documentation. Just because it doesn't match your expectations doesn't make it a bug. Just my 2 cents worth. A bug is when something happens that is not expected behavior. This is expected behavior as evidenced by the documentation. Just because it doesn’t match your expectations doesn’t make it a bug. Just my 2 cents worth.

]]> By: Aaron http://pthree.org/2008/01/30/sgid-bug/#comment-90212 Aaron Wed, 30 Jan 2008 16:15:55 +0000 http://pthree.org/2008/01/30/sgid-bug/#comment-90212 Hmm. Still a bug, though. If the user is not notified to the behavior of a process and it is not logged, then in my book, that definitely qualifies as a bug. How else would the user know what is happening when the bit is not set? Hmm. Still a bug, though. If the user is not notified to the behavior of a process and it is not logged, then in my book, that definitely qualifies as a bug. How else would the user know what is happening when the bit is not set?

]]> By: Byron Clark http://pthree.org/2008/01/30/sgid-bug/#comment-90210 Byron Clark Wed, 30 Jan 2008 16:05:04 +0000 http://pthree.org/2008/01/30/sgid-bug/#comment-90210 Turns out this behavior is documented, just not where you may think. From chmod(2): If the calling process is not privileged (Linux: does not have the CAP_FSETID capability), and the group of the file does not match the effective group ID of the process or one of its supplementary group IDs, the S_ISGID bit will be turned off, but this will not cause an error to be returned. Turns out this behavior is documented, just not where you may think. From chmod(2):

If the calling process is not privileged (Linux: does not have the
CAP_FSETID capability), and the group of the file does not match the
effective group ID of the process or one of its supplementary group
IDs, the S_ISGID bit will be turned off, but this will not cause an
error to be returned.

]]> By: Byron Clark http://pthree.org/2008/01/30/sgid-bug/#comment-90209 Byron Clark Wed, 30 Jan 2008 15:45:52 +0000 http://pthree.org/2008/01/30/sgid-bug/#comment-90209 The chmod command isn't reporting an error because the chmod syscall isn't reporting an error. You can verify this by running the chmod command under strace and grepping for the chmod syscall. The chmod command isn’t reporting an error because the chmod syscall isn’t reporting an error. You can verify this by running the chmod command under strace and grepping for the chmod syscall.

]]>