topic Re: setuid on directory in Operating System - HP-UX

setuid on directory

Michael O'brien_1 — Sat, 21 Aug 2004 12:47:16 GMT

Hi,

I'm trying to setuid on a directory so any files created in there with have the ownership of the directory owner. So I used the chmod u+s command but it doesn't seem to work. Any ideas, the chmod g+s does work.

Thanks
Mike

Re: setuid on directory

Robert-Jan Goossens — Sat, 21 Aug 2004 13:55:06 GMT

Hi Mike,

http://www.unixpeople.com/HOWTO/advanced.permissions.and.ACLs.html

Since the sticky bit had no implied meaning with respect to a directory,
it was decided to make its meaning thus:

When the sticky bit is set on a directory, the only people who can remove
files from that directory are:
1) root
2) the owner of the directory
3) the owner of the file to be removed

So, the permissions on the /tmp directory are actually:

drwxrwxrwt 7 sys sys 463 Aug 3 22:20 /tmp

The "t" represents the sticky bit.

{set the sticky bit on the directory "testing"}
$ chmod o+t testing

Can we set these bits using octal permissions?

Sure. Even though the "ls -l" output shows us 9 bits of permissions, the
inode actually stores 12 bits. Even though the display embeds the setuid,
setgid, and sticky bits within the same 9 characters, they are actually
the most significant bits of the permissions and as such, can be represented
by an additional octal digit when using chmod.

Example
-------

To set the permissions on the tmp directory.
# chmod 1777 /tmp

Hope this helps,
Robert-Jan

Re: setuid on directory

Michael O'brien_1 — Sun, 22 Aug 2004 04:25:46 GMT

Hi Robert-Jan,

Thanks for your response, what I'm trying to achieve is to set setuid on the directory not the sticky bit. I would like any files created by any user to take the ownership of the directory our.

If the directory "test" is owned by user A and user B creates a file in the directory. The file should be then be owned by user A.

The command to achieve is
chmod u+s test

I've set the setgid so any files created in the test directory have the group ownership of user A group. This was achieved using

chmod g+s test

But the setuid doesn;t seem to have an effect.

I'll check out the link you sent me to see if that can shed any light on the issue.

Thanks
Mike

Re: setuid on directory

Robert-Jan Goossens — Mon, 23 Aug 2004 02:41:23 GMT

Hi Mike,

Try this.

# chmod 4755 your_directory

Regards,
Robert-Jan

Re: setuid on directory

Andrew Merritt_2 — Mon, 23 Aug 2004 05:22:29 GMT

I don't believe the setuid bit on a directory works the same way as the the setgid bit does. Do you have any documentation to the contrary, or are you extrapolating from the setgid bit?

See the man page for 'creat(2)', which only refers to the effect of the setgid bit (this is on 11.11):

If the file exists, its length is truncated to 0, and its mode and
owner are unchanged. Otherwise, the file's owner ID is set to the
effective user ID of the process. If the set-group-ID bit of the
parent directory is set, the file's group ID is set to the group ID of
the parent directory. Otherwise, the file's group ID is set to the
process's effective group ID.

(Regarding the chmod command, 'chmod u+s' and 'chmod 4755' have the same effect on the setuid bit. It's the setuid bit itself that has no effect when a file is created.)

Re: setuid on directory

Michael O'brien_1 — Mon, 23 Aug 2004 08:45:28 GMT

Andrew/Robert Jan,

thanks for your responses, maybe I misunderstood the use of setuid on directories. Maybe you can suggest a solution to my probelm. I would like to create a directory with write privledges to everybody but when they create files in the directory they are owned by myself. Any sugestions.

Thanks
Mike

Re: setuid on directory

Eric Herberholz — Mon, 23 Aug 2004 19:08:29 GMT

So, it sounds like you are familiar with setguid on a directory. Whereby setting the group bit to a sitcky bit will cause files created in a directory to get the group set to the group of the directory.

But I don't believe that there is a bit you can set to get files created in a directory to be owned by the directory's owner.

In other words if a user creates a file, he/she owns that file and there's no way (that I know of) to set it so that the owner of the directory in which the file resides owns the newly created file.

So, since you want to own the files that you create, you don't have to do anything, because that is the default behavior.

Re: setuid on directory

Andrew Merritt_2 — Tue, 24 Aug 2004 03:56:04 GMT

There isn't a way to do what you want, if people are creating files using standard utilities.

If it's an application that is creating the files when other people run it, then you could set the setuid bit on the program to do that (it's a little more complicated than just that, but that's the general idea).

The other option would be to run a background job or cron job that periodically changes the owner of the files in that directory to be you.

It partly depends on why you want the files to be owned by you, and how they are created, as to what might work.

Andrew

Re: setuid on directory

debug_1 — Wed, 09 May 2007 14:34:12 GMT

I have the same issue and one example that i have is i am both root and the normal user and a lot of my settings i keep in the normal users home folder and some times when i run programs as root, the files that are created (in the normal user's home folder) are only accessable by root and i would prefer to keep it so that the normal user is the owner. if this above situation were true (setuid retains owner when created in the folder) i could avoid this all together.

Re: setuid on directory

Eric Herberholz — Wed, 09 May 2007 15:28:39 GMT

debug,

Try some tests and see.

I belive the set-gid bit is advisory, and not all applications may adhere to the advisory.

-erich