* [PATCH] Ext2FS: SUID on Dir
@ 2001-08-28 10:52 Clifford Wolf
2001-08-28 11:18 ` Jamie Lokier
2001-08-28 15:49 ` Albert D. Cahalan
0 siblings, 2 replies; 4+ messages in thread
From: Clifford Wolf @ 2001-08-28 10:52 UTC (permalink / raw)
To: Remy.Card, linux-kernel
Hi,
I'm not subscribed to l-k anymore since I'm not doing much kernel hacking
now - so please don't send your replies only to the list but also to me.
As you all know, on Ext2FS Partitions the SGID flag has a special function
on directories: files within that directories will be owned by the same
group that also owns the directory - which is useful for creating
directories which are shared between the members of a group.
But that only makes sense if the umask is set to give full permissions to
the group (e.g. 007 or 002). Noone would do that if there is a system-wide
'users' group - so some distributions add an extra group for every user
which lets the /etc/group file grow very fast and makes the admins life
harder ...
The following small patch adds a function to the SUID flag on directories.
If the SUID flag is set for a diectory, all new files in that directory
will get the same rights in the group-field as they have in their
user-field. So, if one sets both - SUID and SGID - on a directory, it
will also work with a umask like 022 or 077 and there is no more need for
an extra group for every user.
Also, the SUID flag will be set to all subdirectories of a SUID directory
(as it is already now with the SGID flag on directories).
--- linux/fs/ext2/ialloc.c.orig Tue Aug 28 10:59:09 2001
+++ linux/fs/ext2/ialloc.c Tue Aug 28 11:03:17 2001
@@ -427,6 +427,11 @@
mode |= S_ISGID;
} else
inode->i_gid = current->fsgid;
+ if (dir->i_mode & S_ISUID) {
+ mode |= (mode & 0700) >> 3;
+ if (S_ISDIR(mode))
+ mode |= S_ISUID;
+ }
inode->i_mode = mode;
inode->i_ino = j;
--- linux/CREDITS.orig Tue Aug 28 11:03:27 2001
+++ linux/CREDITS Tue Aug 28 11:05:07 2001
@@ -3064,6 +3064,8 @@
E: god@clifford.at
W: http://www.clifford.at/
D: Menuconfig/lxdialog improvement
+D: Initial Wacom Intuos USB Driver
+D: Ext2FS: SUID on directories
S: Foehrengasse 16
S: A-2333 Leopoldsdorf b. Wien
S: Austria
What do you thing? Good idea? Bad idea? Why?
yours,
- clifford
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
Clifford Wolf ................ www.clifford.at IRC: http://opirc.nu
The ROCK Projects Workgroup .. www.rock-projects.com Tel: +43-699-10063494
The ROCK Linux Workgroup ..... www.rocklinux.org Fax: +43-2235-42788-4
The NTx Consulting Group ..... www.ntx.at email: god@clifford.at
Reality corrupted. Reboot universe? (Y/N) www.rocklinux.net
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Ext2FS: SUID on Dir
2001-08-28 10:52 [PATCH] Ext2FS: SUID on Dir Clifford Wolf
@ 2001-08-28 11:18 ` Jamie Lokier
2001-08-28 15:49 ` Albert D. Cahalan
1 sibling, 0 replies; 4+ messages in thread
From: Jamie Lokier @ 2001-08-28 11:18 UTC (permalink / raw)
To: Clifford Wolf; +Cc: Remy.Card, linux-kernel
Clifford Wolf wrote:
> But that only makes sense if the umask is set to give full permissions to
> the group (e.g. 007 or 002). Noone would do that if there is a system-wide
> 'users' group - so some distributions add an extra group for every user
> which lets the /etc/group file grow very fast and makes the admins life
> harder ...
Concured. In my experience, "extra group for every user" doesn't work
with you're sharing over NFS with systems that don't use it. Which
means using a umask of 022 or 077, and that renders the SGID-directory
feature almost useless.
I've seen two problems result from this: user files created group
writable on the NFS server, when they should not be (a security
problem). And shared directories created non-group-writable, which
other group members cannot fix. (Only root can fix this).
For example where I work, some of the CVS directories cannot be checked
out because some directories, which should be group writable, are not.
> The following small patch adds a function to the SUID flag on directories.
> If the SUID flag is set for a diectory, all new files in that directory
> will get the same rights in the group-field as they have in their
> user-field.
Your patch does not fix the problem with CVS directories. In those,
directories need to be writable, but newly created user files should not
necessarily be group writable.
So I would suggest this behaviour:
sgid directory -> new subdirectories copy group umask from user umask
suid directory -> new non-directories copy group umask from user umask
Both these behaviours would be enabled by a mount option, preferably a
generic one.
cheers,
-- Jamie
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Ext2FS: SUID on Dir
2001-08-28 10:52 [PATCH] Ext2FS: SUID on Dir Clifford Wolf
2001-08-28 11:18 ` Jamie Lokier
@ 2001-08-28 15:49 ` Albert D. Cahalan
2001-08-28 18:04 ` Clifford Wolf
1 sibling, 1 reply; 4+ messages in thread
From: Albert D. Cahalan @ 2001-08-28 15:49 UTC (permalink / raw)
To: Clifford Wolf; +Cc: Remy.Card, linux-kernel
Clifford Wolf writes:
> As you all know, on Ext2FS Partitions the SGID flag has a special function
> on directories: files within that directories will be owned by the same
> group that also owns the directory - which is useful for creating
> directories which are shared between the members of a group.
>
> But that only makes sense if the umask is set to give full permissions to
> the group (e.g. 007 or 002). Noone would do that if there is a system-wide
> 'users' group - so some distributions add an extra group for every user
> which lets the /etc/group file grow very fast and makes the admins life
> harder ...
>
> The following small patch adds a function to the SUID flag on directories.
> If the SUID flag is set for a diectory, all new files in that directory
> will get the same rights in the group-field as they have in their
> user-field. So, if one sets both - SUID and SGID - on a directory, it
> will also work with a umask like 022 or 077 and there is no more need for
> an extra group for every user.
It would at least be more logical to have SUID do for user IDs
what SGID does for group IDs. Having SUID muck with group IDs
is pretty ugly.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Ext2FS: SUID on Dir
2001-08-28 15:49 ` Albert D. Cahalan
@ 2001-08-28 18:04 ` Clifford Wolf
0 siblings, 0 replies; 4+ messages in thread
From: Clifford Wolf @ 2001-08-28 18:04 UTC (permalink / raw)
To: Albert D. Cahalan; +Cc: Remy.Card, linux-kernel
Hi,
> It would at least be more logical to have SUID do for user IDs
> what SGID does for group IDs.
Maybe - but at least I can't thing of any situation where that could be
needed.
> Having SUID muck with group IDs is pretty ugly.
It doesn't. It "mucks" with the group field in the file mode, it doesn't
do anything to the group id.
To be more exact: It copies the permissions from the user field in the
file mode to the group field in the file mode. Imo that is not far away
from the meaning of a SUID bit on programms: It gives the rights from the
user who owns the file to a wider range of users ..
yours,
- clifford
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
Clifford Wolf ................ www.clifford.at IRC: http://opirc.nu
The ROCK Projects Workgroup .. www.rock-projects.com Tel: +43-699-10063494
The ROCK Linux Workgroup ..... www.rocklinux.org Fax: +43-2235-42788-4
The NTx Consulting Group ..... www.ntx.at email: god@clifford.at
Reality corrupted. Reboot universe? (Y/N) www.rocklinux.net
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2001-08-28 18:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-08-28 10:52 [PATCH] Ext2FS: SUID on Dir Clifford Wolf
2001-08-28 11:18 ` Jamie Lokier
2001-08-28 15:49 ` Albert D. Cahalan
2001-08-28 18:04 ` Clifford Wolf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).