From: Nate Eldredge
Date: Thu, 13 Nov 2008 23:05:21 -0800 (PST)
To: freebsd-hackers@freebsd.org
Subject: Unprivileged user can't set sticky bit on a file; why?

Hi folks,

FreeBSD doesn't allow an unprivileged user to set the sticky bit (mode S_ISTXT, octal 01000) on a file, though it does allow root to do so.

nate@vulcan:/tmp$ chmod +t foo
chmod: foo: Inappropriate file type or format
nate@vulcan:/tmp$ su
Password:
vulcan# chmod +t foo
vulcan# ls -l foo
-rw-r--r-T 1 nate wheel 0 Nov 13 22:46 foo

Why is this?

I don't expect the sticky bit to actually do anything on a regular file in this day and age (I know what its historical behavior was, and what it does for directories), but I'd think it would be harmless to set it. Linux lets a user set the sticky bit, and Solaris silently masks it off.

I came across this when trying to rsync some files which had the sticky bit set on the remote side. (It's the historical Unix archive from tuhs.org; the files in question are part of an unpacked V7 UNIX installation, for which the sticky bit of course had meaning. :-) ) It's annoying that this makes rsync fail; it messes up my mirroring script.

sticky(8) says the bit "is ignored for regular files", which evidently isn't accurate. chmod(2) says "on UFS-based file systems (FFS, LFS) the sticky bit may only be set upon directories", which isn't right either since root is able to do it.

src/sys/ufs/ufs/ufs_vnops.c has the following comment:

/*
 * Privileged processes may set the sticky bit on non-directories,
 * as well as set the setgid bit on a file with a group that the
 * process is not a member of. Both of these are allowed in
 * jail(8).
 */

but does not explain why an unprivileged process should be forbidden to set the sticky bit.

--
Nate Eldredge
neldredge@math.ucsd.edu
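
Added example, not part of the original message and not FreeBSD code: a small C probe that asks for mode 01644 on a scratch regular file and reports which of the three behaviours named in the message the running system shows (bit set, bit silently masked off, or chmod refused). The names classify() and probe_sticky() and the choice of /tmp are assumptions made for the example.

```c
/* Added example, not from the original message or the FreeBSD tree.
 * classify() and probe_sticky() are illustrative names. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: expose S_ISVTX and mkstemp() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum sticky_outcome { STICKY_SET, STICKY_MASKED, STICKY_REFUSED, STICKY_ERROR };

/* Pure decision logic: chmod() return value, its errno, resulting st_mode. */
enum sticky_outcome classify(int rc, int err, mode_t mode)
{
    if (rc == 0)
        return (mode & S_ISVTX) ? STICKY_SET : STICKY_MASKED;
#ifdef EFTYPE   /* BSD errno behind "Inappropriate file type or format" */
    if (err == EFTYPE)
        return STICKY_REFUSED;
#endif
    /* Assumption: EPERM from other systems also counts as a refusal. */
    return err == EPERM ? STICKY_REFUSED : STICKY_ERROR;
}

/* Create a scratch file in dir, request mode 01644, report what happened. */
enum sticky_outcome probe_sticky(const char *dir)
{
    char path[1024];
    struct stat st;
    int fd, rc, err, ok;

    snprintf(path, sizeof path, "%s/stickyprobe.XXXXXX", dir);
    if ((fd = mkstemp(path)) < 0)
        return STICKY_ERROR;
    close(fd);
    rc = chmod(path, 0644 | S_ISVTX);
    err = errno;                 /* only meaningful when rc != 0 */
    ok = stat(path, &st) == 0;
    unlink(path);
    return ok ? classify(rc, err, st.st_mode) : STICKY_ERROR;
}

int main(void)
{
    static const char *name[] = { "set", "silently masked", "refused", "error" };
    printf("sticky on regular file: %s (euid %d)\n", name[probe_sticky("/tmp")], (int)geteuid());
    return 0;
}
```

Running it once as an ordinary user and once as root on the same file system shows whether a mirroring job that preserves modes needs to strip the bit on that host.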