On Thu, May 25, 2000 at 08:43:24AM -0500, Nathan E Norman wrote:
> On Wed, May 24, 2000 at 09:03:28PM -0800, Ethan Benson wrote:
> >
> > what kernel are you using? i think you're using 2.2.12 which had a bug,
> > observe 2.2.15:
> [snip]
> > changing the owner or group is supposed to remove s[ug]id bits, 2.2.12
> > had a bug where this did not occur, it was fixed in 2.2.13.
>
> nnorman@canaris:~ $ uname -a
> Linux canaris 2.2.13 #1 Thu Jan 6 20:42:17 CST 2000 i686 unknown
>
> 2.2.12 sucked big time; I never used it in production

ah i just figured out the problem:

the kernel under all circumstances will remove s bits on chown/chgrp from FILES. but on directories it will leave (at least setgid) set on chown/chgrp EXCEPT on NFS filesystems. is this a bug or is there a legitimate reason?

on local filesystems it works as you demonstrate.

still i prefer to avoid unnecessary s bits on things. i don't want to get used to seeing s bits everywhere, rather i always want them to set off a red flag ;-)

btw 2.2.13 sucks even more big time, it does a very thorough job of destroying filesystems. :|

> On boxes where there are users of unknown trust, I also set the umask
> to 027 and don't use usergroups. On development boxes that are shared
> among coworkers the umask stays at 002 and usergroups are used.

sounds reasonable.

--
Ethan Benson
http://www.alaska.net/~erbenson/
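The file-versus-directory behaviour discussed in this message can be checked on any given kernel and filesystem with a small probe. This is an added example, not code from the thread: the names `special_bits` and `probe_chgrp` and the scratch file names are hypothetical, and it assumes the caller may chgrp its own files to its effective group.

```python
import os
import stat
import tempfile


def special_bits(mode):
    """Return the names of the setuid/setgid bits present in a mode word."""
    names = []
    if mode & stat.S_ISUID:
        names.append("setuid")
    if mode & stat.S_ISGID:
        names.append("setgid")
    return names


def probe_chgrp(base=None):
    """Set s bits on a scratch file and directory, chgrp each to the
    caller's own effective group, and return {kind: (before, after)}.
    `after` is None if the filesystem refused the chgrp."""
    results = {}
    with tempfile.TemporaryDirectory(dir=base) as scratch:
        file_path = os.path.join(scratch, "probe_file")
        dir_path = os.path.join(scratch, "probe_dir")
        with open(file_path, "w"):
            pass  # empty file: the s bits on it grant nothing
        os.mkdir(dir_path)
        # Group-execute is set on the file so setgid is a real setgid bit.
        cases = (("file", file_path, 0o6755), ("directory", dir_path, 0o2755))
        for kind, path, mode in cases:
            os.chmod(path, mode)
            before = special_bits(os.stat(path).st_mode)
            try:
                os.chown(path, -1, os.getegid())  # chgrp only, owner unchanged
                after = special_bits(os.stat(path).st_mode)
            except OSError:
                after = None
            results[kind] = (before, after)
    return results


if __name__ == "__main__":
    for kind, (before, after) in probe_chgrp().items():
        print(f"{kind}: before={before} after chgrp={after}")
```

Passing a directory on an NFS mount as `base` repeats the probe on that filesystem, which is the case the message singles out.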