Description of problem: chown -R is not supposed to follow symlinks by default. As the manpage describes it, -P (don't follow symlinks) is the default. The chown in coreutils 5.2.1-31.7 (and an earlier RHEL 4 version I tried) does not work this way; it follows symlinks always with -R. Version-Release number of selected component (if applicable): coreutils-5.2.1-31.7.i386 How reproducible: always Steps to Reproduce: cd /tmp mkdir -p pig swine touch pig/file1 swine/file2 ln -s /tmp/swine/file2 pig/ chown -R daemon:daemon swine chown -R bin:bin pig Actual results: /tmp/swine/file2 is owned by bin:bin Expected results: /tmp/swine/file2 should be owned by daemon:daemon Additional info: Works in RHEL 5 (coreutils-5.97-12.1.el5)
Thanks for report, there is some additional handling done for -R option in RHEL5 and newer coreutils. Anyway, I don't see that as a bug with high severity - there is no data loss or crash, just minor loss of functionality. Decreasing severity, problem will get fixed in next maintainance release of RHEL4 coreutils.
The reason I listed "high" severity is because there was data loss: In a large directory tree with subtrees having varying ownership for access and security purposes, loss of correct owners due to a chown -R on a *copy* of the data where the absolute-path symlink is wrongly followed caused data loss and application failure that had to be remedied manually and took a lot of time. It doesn't matter to me very much what severity you assign, but data loss is how the bug unpleasantly brought itself to my attention and explains my rationale. Thanks for your help.
Do you need the patch for that issue before the RHEL4 update? Because as you maybe know it is always very long way to have it fixed in RHEL and it will take some time...
Yeah, that'd be helpful. Thanks.
There's been a RHEL 4 update by now, hasn't there? Did this fix make it in?
There was a coreutils low importance security update for su PAM module in RHEL4.7 . No other bugzilla went into that coreutils async update. There are many bugzillas filled against RHEL-4 coreutils, so I hope it will get into RHEL 4.8 . I completely forgot to make the patch for the issue and attach here as I proposed in comment #3 . Will try to do that soon... sorry for the delay.
I appreciate you making the patch. I think it's well worth getting into the next RHEL 4 update, especially with the extra year of support that was announced for RHEL 4 in June. This bug may not hit many people, but those it does will feel the pain. Thanks!
Created attachment 315647 [details] proposed patch backport from RHEL-5 coreutils
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
QA Whiteboard: RHTSdone, /CoreOS/coreutils/chown/bz433690_dont_follow_symlinks
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0959.html