Re: [Moosefs-users] setgid bit

[Sébastien M. <seb...@gm...>]

Hi,

You are right, it's not posix, is GNU :
<<
On most systems, if a directory's set-group-ID bit is set, newly created
subfiles inherit the same group as the directory, and newly created
subdirectories inherit the set-group-ID bit of the parent directory
>>

Extracted from :
http://www.gnu.org/s/coreutils/manual/html_node/Directory-Setuid-and-Setgid.html

According to :
http://www.gnu.org/s/mailman/mailman-install/bsd-issues.html
<<
Also, the setgid bit is not necessary on BSD systems because group
ownership is automatically inherited on files created in directories.
>>

Can you make the test and tell me if it's true?

So maybe a configure option could be a nice thing.

I'm not convinced about the security issue about inheritance setgid bit,
have you arguments?

Regards,
Sebastien

2011/12/14 Michał Borychowski <mic...@ge...>

> Hi!****
>
> ** **
>
> Unfortunately POSIX dosen’t give any clear specification on this subject. MooseFS
> behaves in a way which is found in most other systems and to be honest is
> the safest one. ****
>
> ** **
>
> For example at Max OS X (HFS+) we have:****
>
> (acid: </tmp/aqq>) $ mkdir dir1****
>
> (acid: </tmp/aqq>) $ ls -ld dir1****
>
> drwxr-xr-x  2 acid  wheel  68 Dec 13 21:15 dir1****
>
> (acid: </tmp/aqq>) $ chmod g+s dir1****
>
> (acid: </tmp/aqq>) $ chgrp staff dir1****
>
> (acid: </tmp/aqq>) $ ls -ld dir1****
>
> drwxr-xr-x  2 acid  staff  68 Dec 13 21:15 dir1****
>
> (acid: </tmp/aqq>) $ cd dir1****
>
> (acid: </tmp/aqq/dir1>) $ mkdir dir2****
>
> (acid: </tmp/aqq/dir1>) $ ls -ld dir2****
>
> drwxr-xr-x  2 acid  staff  68 Dec 13 21:15 dir2****
>
> ** **
>
> And at FreeBSD 7.x (UFS) we have:****
>
> [acid@fbsd7 /tmp/aqq]$ mkdir dir1****
>
> [acid@fbsd7 /tmp/aqq]$ ls -ld dir1****
>
> drwxr-xr-x  2 acid  wheel  512 Dec 13 21:18 dir1****
>
> [acid@fbsd7 /tmp/aqq]$ chmod g+s dir1****
>
> [acid@fbsd7 /tmp/aqq]$ chgrp users dir1****
>
> [acid@fbsd7 /tmp/aqq]$ ls -ld dir1****
>
> drwxr-xr-x  2 acid  users  512 Dec 13 21:18 dir1****
>
> [acid@fbsd7 /tmp/aqq]$ cd dir1****
>
> [acid@fbsd7 /tmp/aqq/dir1]$ mkdir dir2****
>
> [acid@fbsd7 /tmp/aqq/dir1]$ ls -ld dir2****
>
> drwxr-xr-x  2 acid  users  512 Dec 13 21:18 dir2****
>
> ** **
>
> ** **
>
> The behaviour of sgid bit described in your email is probably only on
> Linux. In the future we could think of "LINUX SUGID COMPATIBILITY" config
> option.****
>
> ** **
>
> ** **
>
> Kind regards****
>
> Michał Borychowski ****
>
> MooseFS Support Manager****
>
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _****
>
> Gemius S.A.****
>
> ul. Wołoska 7, 02-672 Warszawa****
>
> Budynek MARS, klatka D****
>
> Tel.: +4822 874-41-00****
>
> Fax : +4822 874-41-01****
>
> ** **
>
> *From:* Sébastien Morand [mailto:seb...@gm...]
> *Sent:* Tuesday, December 13, 2011 7:42 PM
> *To:* moo...@li...
> *Cc:* Aleksandra Rudnitska; Aleksandra Rudnitska
> *Subject:* ****
>
> ** **
>
> Hi,
>
> I'm currently using the mfs-1.6.20-2 and figured out that the setgid bit
> is not correctly handled.
>
> $ groups
> toto test
> $ cd $HOME
> $ mkdir dir1
> $ ls -ld dir1
> drwxr-xr-x 2 toto toto 4096 Dec 13 18:36 dir1
> $ chmod g+s dir1
> $ chgrp test dir1
> $ ls -ld dir1
> drwxr-xr-x 2 toto test 4096 Dec 13 18:36 dir1
> $ cd dir1
> $ mkdir dir2
> $ ls -ld dir2
> drwxr-xr-x 2 toto test 4096 Dec 13 18:36 dir2
>
> dir2 should have the setgid bit set, here it is the expected result :
> $ ls -ld dir2
> drwxr-sr-x 2 toto test 4096 Dec 13 18:36 dir2
>
> I'm attaching the patch for interested people. Only the mfsmaster is
> concerned. Sorry if this is corrected in later version.
>
> Regards,
> Sebastien****
>