Bug 433690 - chown -R breaks -P and always follows symlinks
chown -R breaks -P and always follows symlinks
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: coreutils (Show other bugs)
4.8
All Linux
low Severity low
: rc
: ---
Assigned To: Ondrej Vasik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-20 16:06 EST by Jon Jensen
Modified: 2009-05-18 16:07 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-18 16:07:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
proposed patch (1.80 KB, patch)
2008-09-03 10:31 EDT, Kamil Dudka
no flags Details | Diff

  None (edit)
Description Jon Jensen 2008-02-20 16:06:56 EST
Description of problem: chown -R is not supposed to follow symlinks by 
default. As the manpage describes it, -P (don't follow symlinks) is the 
default. The chown in coreutils 5.2.1-31.7 (and an earlier RHEL 4 version I 
tried) does not work this way; it follows symlinks always with -R.

Version-Release number of selected component (if applicable):

coreutils-5.2.1-31.7.i386

How reproducible:

always

Steps to Reproduce:

cd /tmp
mkdir -p pig swine
touch pig/file1 swine/file2
ln -s /tmp/swine/file2 pig/
chown -R daemon:daemon swine
chown -R bin:bin pig

Actual results:

/tmp/swine/file2 is owned by bin:bin

Expected results:

/tmp/swine/file2 should be owned by daemon:daemon

Additional info:

Works in RHEL 5 (coreutils-5.97-12.1.el5)
Comment 1 Ondrej Vasik 2008-02-20 16:39:17 EST
Thanks for report, there is some additional handling done for -R option in RHEL5
and newer coreutils. Anyway, I don't see that as a bug with high severity -
there is no data loss or crash, just minor loss of functionality. Decreasing
severity, problem will get fixed in next maintainance release of RHEL4 coreutils.
Comment 2 Jon Jensen 2008-02-20 17:38:38 EST
The reason I listed "high" severity is because there was data loss: In a large 
directory tree with subtrees having varying ownership for access and security 
purposes, loss of correct owners due to a chown -R on a *copy* of the data 
where the absolute-path symlink is wrongly followed caused data loss and 
application failure that had to be remedied manually and took a lot of time.

It doesn't matter to me very much what severity you assign, but data loss is 
how the bug unpleasantly brought itself to my attention and explains my 
rationale. Thanks for your help.
Comment 3 Ondrej Vasik 2008-02-21 04:33:48 EST
Do you need the patch for that issue before the RHEL4 update? Because as you
maybe know it is always very long way to have it fixed in RHEL and it will take
some time...
Comment 4 Jon Jensen 2008-02-21 09:30:25 EST
Yeah, that'd be helpful. Thanks.
Comment 5 Jon Jensen 2008-08-23 18:38:55 EDT
There's been a RHEL 4 update by now, hasn't there? Did this fix make it in?
Comment 6 Ondrej Vasik 2008-08-25 04:55:10 EDT
There was a coreutils low importance security update for su PAM module in RHEL4.7 . No other bugzilla went into that coreutils async update. There are many bugzillas filled against RHEL-4 coreutils, so I hope it will get into RHEL 4.8 . I completely forgot to make the patch for the issue and attach here as I proposed in comment #3 . Will try to do that soon... sorry for the delay.
Comment 7 Jon Jensen 2008-09-01 21:10:02 EDT
I appreciate you making the patch.

I think it's well worth getting into the next RHEL 4 update, especially with the extra year of support that was announced for RHEL 4 in June. This bug may not hit many people, but those it does will feel the pain.

Thanks!
Comment 8 Kamil Dudka 2008-09-03 10:31:21 EDT
Created attachment 315647 [details]
proposed patch

backport from RHEL-5 coreutils
Comment 9 RHEL Product and Program Management 2008-09-05 13:05:41 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 15 Petr Sklenar 2009-02-09 08:26:55 EST
QA Whiteboard: RHTSdone, /CoreOS/coreutils/chown/bz433690_dont_follow_symlinks
Comment 17 errata-xmlrpc 2009-05-18 16:07:39 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0959.html

Note You need to log in before you can comment on or make changes to this bug.