Red Hat Bugzilla – Bug 433690
chown -R breaks -P and always follows symlinks
Last modified: 2009-05-18 16:07:39 EDT
Description of problem: chown -R is not supposed to follow symlinks by
default. As the manpage describes it, -P (don't follow symlinks) is the
default. The chown in coreutils 5.2.1-31.7 (and an earlier RHEL 4 version I
tried) does not work this way; it follows symlinks always with -R.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
mkdir -p pig swine
touch pig/file1 swine/file2
ln -s /tmp/swine/file2 pig/
chown -R daemon:daemon swine
chown -R bin:bin pig
/tmp/swine/file2 is owned by bin:bin
/tmp/swine/file2 should be owned by daemon:daemon
Works in RHEL 5 (coreutils-5.97-12.1.el5)
Thanks for report, there is some additional handling done for -R option in RHEL5
and newer coreutils. Anyway, I don't see that as a bug with high severity -
there is no data loss or crash, just minor loss of functionality. Decreasing
severity, problem will get fixed in next maintainance release of RHEL4 coreutils.
The reason I listed "high" severity is because there was data loss: In a large
directory tree with subtrees having varying ownership for access and security
purposes, loss of correct owners due to a chown -R on a *copy* of the data
where the absolute-path symlink is wrongly followed caused data loss and
application failure that had to be remedied manually and took a lot of time.
It doesn't matter to me very much what severity you assign, but data loss is
how the bug unpleasantly brought itself to my attention and explains my
rationale. Thanks for your help.
Do you need the patch for that issue before the RHEL4 update? Because as you
maybe know it is always very long way to have it fixed in RHEL and it will take
Yeah, that'd be helpful. Thanks.
There's been a RHEL 4 update by now, hasn't there? Did this fix make it in?
There was a coreutils low importance security update for su PAM module in RHEL4.7 . No other bugzilla went into that coreutils async update. There are many bugzillas filled against RHEL-4 coreutils, so I hope it will get into RHEL 4.8 . I completely forgot to make the patch for the issue and attach here as I proposed in comment #3 . Will try to do that soon... sorry for the delay.
I appreciate you making the patch.
I think it's well worth getting into the next RHEL 4 update, especially with the extra year of support that was announced for RHEL 4 in June. This bug may not hit many people, but those it does will feel the pain.
Created attachment 315647 [details]
backport from RHEL-5 coreutils
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
QA Whiteboard: RHTSdone, /CoreOS/coreutils/chown/bz433690_dont_follow_symlinks
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.