
Bug 1914908

Summary: rpm -a --setugids removes sticky bit
Product: Red Hat Enterprise Linux 8
Reporter: Dominik Holler <dholler>
Component: rpm
Assignee: Packaging Maintenance Team <packaging-team-maint>
Status: CLOSED NOTABUG
QA Contact: swm-qe
Severity: unspecified
Priority: unspecified
Version: 8.3
CC: pmatilai
Target Milestone: rc
Flags: pm-rhel: mirror+
Target Release: 8.0
Hardware: Unspecified
OS: Unspecified
Last Closed: 2021-01-11 13:24:30 UTC
Type: Bug
Attachments: terminal log

Description Dominik Holler 2021-01-11 13:12:23 UTC
Created attachment 1746248
terminal log

Description of problem:
'rpm -a --setugids' removes the sticky bits, which is very unpleasant, because sudo relies on these bits.


Version-Release number of selected component (if applicable):
rpm-4.14.3-4.el8.x86_64

How reproducible:
100%

Steps to Reproduce:
1.
ls -l /usr/bin/sudo
---s--x--x. 1 root root 165608 May 18  2020 /usr/bin/sudo

2.
rpm -a --setugids


Actual results:
ls -l /usr/bin/sudo
---x--x--x. 1 root root 165608 May 18  2020 /usr/bin/sudo


Expected results:
ls -l /usr/bin/sudo
---s--x--x. 1 root root 165608 May 18  2020 /usr/bin/sudo



Additional info:

Comment 1 Panu Matilainen 2021-01-11 13:24:30 UTC
Yes, this is actually even documented, from rpm(8):

       rpm --setugids PACKAGE_NAME
              sets  user/group  ownership  of files in the given package. This
              command can change permissions and capabilities of files in that
              package. In most cases it is better to use --restore instead.

       rpm --setcaps PACKAGE_NAME
              sets  capabilities of files in the given package. Consider using
              --restore instead.

       rpm --restore PACKAGE_NAME
              The option restores owner, group, permissions  and  capabilities
              of files in the given package.

       Options --setperms, --setugids, --setcaps and
              --restore are mutually exclusive.

In other words, use --restore instead.

--setugids is rather an unfortunate demo of popt alias capabilities (search '--setugids' from /usr/lib/rpm/rpmpopt*) that we can't fix than a genuinely useful feature...
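
A check for the condition reported above, as an added example that is not part of the original bug report or of rpm itself: it compares the setuid/setgid/sticky bits recorded in the RPM database with the modes on disk and lists files that have lost them. The names `lost_special_bits` and `demo` and the sample files are constructed for illustration; GNU `stat` is assumed, as on RHEL.

```shell
#!/bin/sh
# Added example: report files whose on-disk mode is missing setuid, setgid or
# sticky bits that the RPM database records for them.
# Input on stdin: "<octal FILEMODES> <path>" lines, for example from
#   rpm -qa --qf '[%{FILEMODES:octal} %{FILENAMES}\n]'
lost_special_bits() {
    while read -r want path; do
        # Ignore blank or malformed lines (mode must be octal digits only).
        case $want in ''|*[!0-7]*) continue ;; esac
        # Skip files that are absent (e.g. %ghost entries) and symlinks.
        [ -e "$path" ] && [ ! -L "$path" ] || continue
        # 07000 masks setuid (4000), setgid (2000) and sticky (1000).
        want_special=$(( 0$want & 07000 ))
        [ "$want_special" -ne 0 ] || continue
        have=$(stat -c '%a' "$path") || continue   # GNU stat (assumption)
        have_special=$(( 0$have & 07000 ))
        # Report only bits that are recorded in the database but gone on disk.
        if [ $(( want_special & ~have_special )) -ne 0 ]; then
            printf '%s expected=%04o actual=%04o\n' "$path" \
                $(( 0$want & 07777 )) $(( 0$have & 07777 ))
        fi
    done
}

# Constructed demo: two scratch files stand in for packaged binaries. Both are
# listed as 4111 (the mode of /usr/bin/sudo in the report); one has lost the bit.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/kept"; chmod 4111 "$d/kept"
    : > "$d/lost"; chmod 0111 "$d/lost"
    printf '%s\n' "0104111 $d/kept" "0104111 $d/lost" |
        lost_special_bits | sed "s|^$d/||"
    rm -rf "$d"
}
```

Files it reports can be repaired with `rpm --restore PACKAGE_NAME`, as Comment 1 recommends; `rpm -qf PATH` gives the owning package.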