From owner-cvs-src@FreeBSD.ORG Wed Dec 13 15:31:58 2006 Return-Path: X-Original-To: cvs-src@FreeBSD.org Delivered-To: cvs-src@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E519C16A4C8; Wed, 13 Dec 2006 15:31:58 +0000 (UTC) (envelope-from bde@zeta.org.au) Received: from mailout2.pacific.net.au (mailout2-3.pacific.net.au [61.8.2.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id 513AF43CC2; Wed, 13 Dec 2006 15:30:26 +0000 (GMT) (envelope-from bde@zeta.org.au) Received: from mailproxy1.pacific.net.au (mailproxy1.pacific.net.au [61.8.2.162]) by mailout2.pacific.net.au (Postfix) with ESMTP id B92EC109BF1; Thu, 14 Dec 2006 02:31:52 +1100 (EST) Received: from besplex.bde.org (katana.zip.com.au [61.8.7.246]) by mailproxy1.pacific.net.au (Postfix) with ESMTP id B1BA08C06; Thu, 14 Dec 2006 02:31:52 +1100 (EST) Date: Thu, 14 Dec 2006 02:31:52 +1100 (EST) From: Bruce Evans X-X-Sender: bde@besplex.bde.org To: Pawel Jakub Dawidek In-Reply-To: <200612131146.kBDBkdQv050907@repoman.freebsd.org> Message-ID: <20061214011927.X994@besplex.bde.org> References: <200612131146.kBDBkdQv050907@repoman.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libc/sys chown.2 X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Dec 2006 15:31:59 -0000 On Wed, 13 Dec 2006, Pawel Jakub Dawidek wrote: > pjd 2006-12-13 11:46:38 UTC > > FreeBSD src repository > > Modified files: > lib/libc/sys chown.2 > Log: > Be more precise with EPERM description. When chown(2) is a no-op, it will > return 0. VADMIN access is still required for null changes. This normally means that the the caller must own the file, but there are complications for ACLs. Also, non-null changes within the group don't require super-user permissions. The details for this are hard to describe. They are at least as complicated as: - the effective uid must be the super-user, unless all of the following: . it is the same as the file's uid, or [complications for ACLs] . the change to the uids of the file is null . [permission is never granted based solely on the egid-- check this] . the change to the gids is either null or the new file gid is in the same group as the egid. . [nothing is required or the old file gid -- check this] I used fine print in POSIX to justify permitting null changes to the gid. FreeBSD-1 doesn't allow this. My reasoning was something like "non-null changes (from a gid not in our group to one in our group) are permitted (if euid == old file uid == new file uid), so why disallow null changes? The uid checks should be sufficient." McKusick agreed with this. All this is mainly for ffs. Many file systems are probably still stricter. Some non-POSIX ones should be less strict when they only have fake attributes and the fake attributes get in the way of making null changes. Sorry I didn't update the man page or all file systems for this. A previous change to chown.2 copied bad grammar (a comma splice) from somwhere. Grep for "more info" in *.2 to see some good and bad examples. intro.2 uses a semicolon splice, but using a new sentence seems to be most common. The wording in examples with correct grammar also tends to be more formal (a bit too formal/verbose for me). Bruce