Bug 471581 - how to restore advanced file permissions (Sticky, SUID, SGID)
how to restore advanced file permissions (Sticky, SUID, SGID)
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Panu Matilainen
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-11-14 08:38 EST by Jan Huijbers
Modified: 2009-02-05 07:31 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-02-05 07:31:39 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Huijbers 2008-11-14 08:38:59 EST
Description of problem:
advanced filepermissions gone

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
restore file permissions for fedora by:

rpm -qa | rmp --setperms --setugids 

Actual results:
i susspect that advanced file permissions like sticky bit, SUID and SGID are whiped because some commands behave different. For example:

when loggid in as an regular user isuing:
user$ su -
authentication failed while using the correct root password

Expected results:

Additional info:

Is there a way to restore those permissions whitout re-installing the system, or is there an overview for fedora of files/directories using these filepermision so i can restore them by hand.
Comment 1 Phil Knirsch 2008-11-19 08:39:34 EST
Moving to rpm component.
Comment 2 Panu Matilainen 2009-02-05 07:31:39 EST
The order matters here, --setperms and --setugids are two different operations, and changing uid/gid causes suid/sgid bits to be reset, undoing part of the work of --setperms.

This'll do the trick (for all packages, to selectively reset replace -a with package names)
# rpm --setugids --setperms -a

No bug here, except perhaps insufficient documentation on these popt aliases.

Note You need to log in before you can comment on or make changes to this bug.