Bug 471581

Summary: how to restore advanced file permissions (Sticky, SUID, SGID)
Product: [Fedora] Fedora Reporter: Jan Huijbers <k3nn13>
Component: rpmAssignee: Panu Matilainen <pmatilai>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 9CC: ffesti, jnovy, pknirsch, pmatilai
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-02-05 12:31:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Huijbers 2008-11-14 13:38:59 UTC 
Description of problem:
advanced filepermissions gone

Version-Release number of selected component (if applicable):
all

How reproducible:
everytime

Steps to Reproduce:
1.
restore file permissions for fedora by:

rpm -qa | rmp --setperms --setugids 

2.
3.
  
Actual results:
i susspect that advanced file permissions like sticky bit, SUID and SGID are whiped because some commands behave different. For example:

when loggid in as an regular user isuing:
user$ su -
password:
authentication failed while using the correct root password

Expected results:


Additional info:

Is there a way to restore those permissions whitout re-installing the system, or is there an overview for fedora of files/directories using these filepermision so i can restore them by hand.
Comment 1 Phil Knirsch 2008-11-19 13:39:34 UTC 
Moving to rpm component.
Comment 2 Panu Matilainen 2009-02-05 12:31:39 UTC 
The order matters here, --setperms and --setugids are two different operations, and changing uid/gid causes suid/sgid bits to be reset, undoing part of the work of --setperms.

This'll do the trick (for all packages, to selectively reset replace -a with package names)
# rpm --setugids --setperms -a

No bug here, except perhaps insufficient documentation on these popt aliases.