From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Jonathan McKeown
Cc: freebsd-questions@freebsd.org
Date: Sat, 09 Feb 2008 12:26:49 +0000
Subject: Re: mv, cp, and sgid on directories (was: cp -p)

Jonathan McKeown wrote:
> The bit that still worries me in this discussion is the sgid bit (pun not
> intended, but I'm not going to delete it now!): as I understand it, creating
> a file has different behaviour on SYSV-derived systems and Berkeley-derived
> systems.
>
> SYSV creates files group-owned by the creator's primary group.
> BSD creates files which inherit the group-ownership of the directory they are
> created in.
>
> SYSV behaviour can be changed to BSD behaviour per-directory, by using the
> sgid bit on the directory.
> BSD behaviour can't be changed and the sgid bit on a directory is ignored.
>
> Again, could someone confirm whether I'm talking nonsense here?

That's pretty much correct. Some SysV-ish systems maintained the concept
of a 'current group' which you could switch your login session to, so long
as you were a member of the group in question and you knew the group
password (if any). Any files you created would have ownership by your
current UID and GID. That, incidentally, is why there is a password field
in /etc/group at all. It seems to be pretty much of historical interest
only nowadays -- personally I have never seen a system where group
passwords were ever actually used, and I'm not aware of any utility for
manipulating the passwords in /etc/group.

Anyhow, BSD-ish systems always had a different take on exactly how group
ownership of files and processes should work -- one which didn't depend on
the end user consciously remembering to switch current group at the
appropriate time. There were various other differences in the way various
programs worked in this area.
For instance, in early versions of SysV it was possible for a mortal user
to give files away (i.e. chown(1) a file they owned to another user).
Needless to say that was pretty quickly recognised for the security hole
that it is, and nowadays anything Unix-like will follow the POSIX.2
standard where you have to be root to change file ownership.

Cheers,

Matthew

- --
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW