Description of problem: When I am changing the special permissions (suid, sgid and sticky) in Fedora with the numeric method (chmod 2755 for example), is possible add the special permissions with numbers, but isn't possible to clear permissions. for example: is possible do chmod 4755 to add suid but if I use chmod 0755 the permission suid isn't remove. In other form, with chmod u-s the permission clear right. The problem is that using the numeric method only is possible add permission specials Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
chmod is part of coreutils...
You can set/clear special permission bits directly by number only for regular files. For directories use symbolic modes. Consider chmod(1) man page: "chmod preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise. You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the bits with a numeric mode."
Yes, I can use the symbolic mode, but this is a bug in Fedora. I probed the same in Red Hat (using the numeric mode) and in Red Hat the numeric mode of chmod works good. But in Fedora is not possible to clear the special permissions with the numeric method. I posted this bug only to share this information. Thank you, Oscar.
Nope, this is not "bug in Fedora". GNU coreutils (upstream) behaves this way. It was documented about two years ago: http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=f4a5097ea3d35798fbe220c5d2835295f3bc2cd1
Ah, oks. Why in Red Hat is different? Using 0 in Red Hat I can clear the special permissions but in Fedora no. I don't understand why. I saw that the version in Fedora of the coreutils is 6.10 and in Red Hat is 5.97 The difference is in the version of coreutils or is different between Fedora and Red Hat?
Yes, it's about the version of coreutils. Looking at NEWS I can see this behavior was changed in coreutils 6.0: chmod, install, and mkdir now preserve a directory's set-user-ID and set-group-ID bits unless you explicitly request otherwise. E.g., `chmod 755 DIR' and `chmod u=rwx,go=rx DIR' now preserve DIR's set-user-ID and set-group-ID bits instead of clearing them, and similarly for `mkdir -m 755 DIR' and `mkdir -m u=rwx,go=rx DIR'. To clear the bits, mention them explicitly in a symbolic mode, e.g., `mkdir -m u=rwx,go=rx,-s DIR'. To set them, mention them explicitly in either a symbolic or a numeric mode, e.g., `mkdir -m 2755 DIR', `mkdir -m u=rwx,go=rx,g+s' DIR. This change is for convenience on systems where these bits inherit from parents. Unfortunately other operating systems are not consistent here, and portable scripts cannot assume the bits are set, cleared, or preserved, even when the bits are explicitly mentioned. For example, OpenBSD 3.9 `mkdir -m 777 D' preserves D's setgid bit but `chmod 777 D' clears it. Conversely, Solaris 10 `mkdir -m 777 D', `mkdir -m g-s D', and `chmod 0777 D' all preserve D's setgid bit, and you must use something like `chmod g-s D' to clear it. Note that current F-10 coreutils version is coreutils-6.12-18.
That's ok, I understand. Thanks for explaining to me!
reposurgeon-3.28-1.fc23 has been submitted as an update for Fedora 23. https://admin.fedoraproject.org/updates/reposurgeon-3.28-1.fc23
reposurgeon-3.28-1.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/reposurgeon-3.28-1.fc22
reposurgeon-3.28-1.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/reposurgeon-3.28-1.el7