Bug 487108

Summary: [RHEL 4] Inconsistent behaviour in stripping SUID/SGID flags when chmod/chgrp directories
Product: Red Hat Enterprise Linux 4
Component: kernel
Version: 4.9
Hardware: All
OS: Linux
Status: CLOSED DUPLICATE
Severity: medium
Priority: medium
Target Milestone: rc
Reporter: Sachin Prabhu <sprabhu>
Assignee: Jeff Layton <jlayton>
QA Contact: Filesystem QE <fs-qe>
CC: jlayton, kzhang, rwheeler, steved, tao
Doc Type: Bug Fix
Clone Of: 485099
Last Closed: 2010-10-13 00:19:11 UTC
Bug Depends On: 485099
Bug Blocks: 589293
Attachments: Proposed patch (flags: none)

Description Sachin Prabhu 2009-02-24 10:01:29 UTC
+++ This bug was initially created as a clone of Bug #485099 +++

There is an inconsistency seen in the behaviour of ext3 and nfs when changing owner or group of a directory. If the directory has SUID/SGID flags set, the flags are maintained on ext3; however, they are stripped on nfs.

Reproducer:

ext3:

file
# touch xyz; chmod u+s xyz; ls -l xyz; chown bin xyz; ls -l xyz
-rwSr--r--  1 root root 0 Feb 10 16:25 xyz
-rw-r--r--  1 bin root 0 Feb 10 16:25 xyz

directory
# mkdir abc; chmod u+s abc; ls -ld abc; chown bin abc; ls -ld abc
drwsr-xr-x  2 root root 4096 Feb 10 16:23 abc
drwsr-xr-x  2 bin root 4096 Feb 10 16:23 abc


nfs:

file
# touch xyz; chmod u+s xyz; ls -l xyz; chown bin xyz; ls -l xyz
-rwSr--r--  1 root root 0 Feb 10 16:25 xyz
-rw-r--r--  1 bin root 0 Feb 10 16:25 xyz

directory
# mkdir abc; chmod u+s abc; ls -ld abc; chown bin abc; ls -ld abc
drwsr-xr-x  2 root root 4096 Feb 10 16:23 abc
drwxr-xr-x  2 bin root 4096 Feb 10 16:23 abc

Check the SUID/SGID flags on the directory before and after the chown operation for directories. The flags are stripped under nfs but not under ext3. The behaviour for operations on the file is consistent.

--- Additional comment from sprabhu on 2009-02-11 11:13:15 EDT ---

The behaviour as it stands does not appear to violate POSIX. See:

http://www.opengroup.org/onlinepubs/7990989775/xcu/chgrp.html
http://www.opengroup.org/onlinepubs/7990989775/xsh/chown.html

"Unless chgrp is invoked by a process with appropriate privileges, the set-user-ID and set-group-ID bits of a regular file will be cleared upon successful completion; the set-user-ID and set-group-ID bits of other file types may be cleared."

"If the path argument refers to a regular file, the set-user-ID (S_ISUID) and set-group-ID (S_ISGID) bits of the file mode are cleared upon successful return from chown(), unless the call is made by a process with appropriate privileges, in which case it is implementation-dependent whether these bits are altered. If chown() is successfully invoked on a file that is not a regular file, these bits may be cleared. These bits are defined in <sys/stat.h>."

So POSIX does not require a particular behaviour even if the process has "appropriate privileges" (which itself is not defined) but leaves this to be defined by the implementation. However, the actions performed are inconsistent when comparing ext3 and nfs.

--- Additional comment from jlayton on 2009-02-11 11:34:34 EDT ---

Yes, even if we don't violate the letter of the spec it would be good to have the kernel behave consistently here. The point is that chown_common (which is what chown() calls from userspace pass through) only tries to kill the setuid/gid bits if it's not a directory.

I think we should add a clause to nfsd_setattr that just does the bit-clearing if !S_ISDIR.

This will need to go upstream first, but it may be a little while before I can get to it. Shouldn't be too hard a patch if someone else wants to do the legwork for it though.

--- Additional comment from sprabhu on 2009-02-23 11:39:26 EDT ---

http://article.gmane.org/gmane.linux.nfs/24652
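
Added example (not part of the bug report or the proposed patch): a small C probe that automates the reproducer above for any mount point, reporting which of the set-user-ID/set-group-ID bits a chown() clears on a regular file and on a directory. It chowns to the caller's own uid/gid so that it runs without root, on the assumption that the filesystem applies the same bit-clearing logic as for a real ownership change; `stripped_bits`, `probe_chown`, `describe` and the `suidprobe.*` scratch names are made up for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Set-id bits that were present before the chown and are gone afterwards. */
int stripped_bits(mode_t before, mode_t after)
{
    return (int)((before & ~after) & (S_ISUID | S_ISGID));
}

/* Create a scratch file (is_dir == 0) or directory under base, set u+s,g+s,
 * chown it to the caller's own ids, and return the cleared bits (-1 on error). */
int probe_chown(const char *base, int is_dir)
{
    char path[4096];
    struct stat before, after;
    int fd = -1, rc = -1;
    snprintf(path, sizeof path, "%s/suidprobe.%ld", base, (long)getpid());
    if (is_dir ? mkdir(path, 0700) != 0
               : (fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600)) < 0)
        return -1;
    if (!is_dir)
        close(fd);
    if (chmod(path, 06755) == 0 && stat(path, &before) == 0 &&
        chown(path, getuid(), getgid()) == 0 && stat(path, &after) == 0)
        rc = stripped_bits(before.st_mode, after.st_mode);
    if (is_dir) rmdir(path); else unlink(path);   /* always remove the scratch entry */
    return rc;
}

static const char *describe(int bits)
{
    if (bits < 0) return "probe failed";
    if (bits == (S_ISUID | S_ISGID)) return "setuid and setgid stripped";
    if (bits == S_ISUID) return "setuid stripped";
    if (bits == S_ISGID) return "setgid stripped";
    return "set-id bits kept";
}

int main(int argc, char **argv)
{
    const char *base = argc > 1 ? argv[1] : ".";   /* directory on the mount to test */
    printf("file:      %s\n", describe(probe_chown(base, 0)));
    printf("directory: %s\n", describe(probe_chown(base, 1)));
    return 0;
}
```

Run it once with a directory on a local ext3 mount and once with a directory on an NFS mount as the argument, then compare the two `directory:` lines.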

Comment 6 Peter Staubach 2009-08-17 13:01:52 UTC
Created attachment 357650
Proposed patch

Comment 7 RHEL Program Management 2009-08-17 13:30:39 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 9 Jeff Layton 2010-10-13 00:19:11 UTC

*** This bug has been marked as a duplicate of bug 507527 ***