From: Sébastien M. <seb...@gm...> - 2011-12-20 09:55:06
Hi,

To complete the discussion, I installed OpenBSD in VirtualBox and ran the test.

$ mkdir test
$ ls -ld test
drwxr-xr-x 7 sebastien sebastien 4096 Dec 19 10:26 test
$ chgrp test test
$ ls -ld test
drwxr-xr-x 7 sebastien test 4096 Dec 19 10:36 test
$ cd test
$ mkdir test2
$ ls -la .
drwxr-xr-x 7 sebastien test 4096 Dec 19 10:58 .
drwxr-xr-x 7 sebastien test 4096 Dec 19 10:58 test2

So actually it's true, the repository is directly inherited in BSDs (I assume if it's true in OpenBSD, it must be in FreeBSD and NetBSD, I have no time to install them too).

If this is the default behaviour on OpenBSD, I don't think it's a security issue ;-)

Regards,
Sébastien

2011/12/14 Sébastien Morand <seb...@gm...>

> Hi,
>
> You are right, it's not POSIX, it's GNU:
> <<
> On most systems, if a directory's set-group-ID bit is set, newly created
> subfiles inherit the same group as the directory, and newly created
> subdirectories inherit the set-group-ID bit of the parent directory
> >>
>
> Extracted from:
> http://www.gnu.org/s/coreutils/manual/html_node/Directory-Setuid-and-Setgid.html
>
> According to:
> http://www.gnu.org/s/mailman/mailman-install/bsd-issues.html
> <<
> Also, the setgid bit is not necessary on BSD systems because group
> ownership is automatically inherited on files created in directories.
> >>
>
> Can you make the test and tell me if it's true?
>
> So maybe a configure option could be a nice thing.
>
> I'm not convinced about the security issue about inheritance setgid bit,
> do you have arguments?
>
> Regards,
> Sebastien
>
> 2011/12/14 Michał Borychowski <mic...@ge...>
>
>> Hi!
>>
>> Unfortunately POSIX doesn't give any clear specification on this subject. MooseFS
>> behaves in a way which is found in most other systems and to be honest is
>> the safest one.
>>
>> For example on Mac OS X (HFS+) we have:
>>
>> (acid: </tmp/aqq>) $ mkdir dir1
>> (acid: </tmp/aqq>) $ ls -ld dir1
>> drwxr-xr-x 2 acid wheel 68 Dec 13 21:15 dir1
>> (acid: </tmp/aqq>) $ chmod g+s dir1
>> (acid: </tmp/aqq>) $ chgrp staff dir1
>> (acid: </tmp/aqq>) $ ls -ld dir1
>> drwxr-xr-x 2 acid staff 68 Dec 13 21:15 dir1
>> (acid: </tmp/aqq>) $ cd dir1
>> (acid: </tmp/aqq/dir1>) $ mkdir dir2
>> (acid: </tmp/aqq/dir1>) $ ls -ld dir2
>> drwxr-xr-x 2 acid staff 68 Dec 13 21:15 dir2
>>
>> And on FreeBSD 7.x (UFS) we have:
>>
>> [acid@fbsd7 /tmp/aqq]$ mkdir dir1
>> [acid@fbsd7 /tmp/aqq]$ ls -ld dir1
>> drwxr-xr-x 2 acid wheel 512 Dec 13 21:18 dir1
>> [acid@fbsd7 /tmp/aqq]$ chmod g+s dir1
>> [acid@fbsd7 /tmp/aqq]$ chgrp users dir1
>> [acid@fbsd7 /tmp/aqq]$ ls -ld dir1
>> drwxr-xr-x 2 acid users 512 Dec 13 21:18 dir1
>> [acid@fbsd7 /tmp/aqq]$ cd dir1
>> [acid@fbsd7 /tmp/aqq/dir1]$ mkdir dir2
>> [acid@fbsd7 /tmp/aqq/dir1]$ ls -ld dir2
>> drwxr-xr-x 2 acid users 512 Dec 13 21:18 dir2
>>
>> The behaviour of sgid bit described in your email is probably only on
>> Linux. In the future we could think of "LINUX SUGID COMPATIBILITY" config
>> option.
>>
>> Kind regards
>> Michał Borychowski
>> MooseFS Support Manager
>> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>> Gemius S.A.
>> ul. Wołoska 7, 02-672 Warszawa
>> Budynek MARS, klatka D
>> Tel.: +4822 874-41-00
>> Fax : +4822 874-41-01
>>
>> *From:* Sébastien Morand [mailto:seb...@gm...]
>> *Sent:* Tuesday, December 13, 2011 7:42 PM
>> *To:* moo...@li...
>> *Cc:* Aleksandra Rudnitska; Aleksandra Rudnitska
>> *Subject:*
>>
>> Hi,
>>
>> I'm currently using the mfs-1.6.20-2 and figured out that the setgid bit
>> is not correctly handled.
>>
>> $ groups
>> toto test
>> $ cd $HOME
>> $ mkdir dir1
>> $ ls -ld dir1
>> drwxr-xr-x 2 toto toto 4096 Dec 13 18:36 dir1
>> $ chmod g+s dir1
>> $ chgrp test dir1
>> $ ls -ld dir1
>> drwxr-xr-x 2 toto test 4096 Dec 13 18:36 dir1
>> $ cd dir1
>> $ mkdir dir2
>> $ ls -ld dir2
>> drwxr-xr-x 2 toto test 4096 Dec 13 18:36 dir2
>>
>> dir2 should have the setgid bit set, here is the expected result:
>> $ ls -ld dir2
>> drwxr-sr-x 2 toto test 4096 Dec 13 18:36 dir2
>>
>> I'm attaching the patch for interested people. Only the mfsmaster is
>> concerned. Sorry if this is corrected in later version.
>>
>> Regards,
>> Sebastien
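
Added example, not part of the thread and not MooseFS code: a POSIX shell probe that runs the steps from the report (a setgid parent directory, then a new subdirectory) under a given mount and reports whether the group and the setgid bit reached the child. The names `probe_setgid_dir`, `mode_has_setgid`, `ls_field` and `yes_no` and the output format are invented here; the optional GROUP argument is assumed to be a group the caller belongs to.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes BASE is a writable directory on
# the filesystem under test; GROUP, if given, is a group the caller belongs to.

# True when an `ls -l` mode string has s/S in the group-execute slot (7th char).
mode_has_setgid() {
    case "$(printf '%s' "$1" | cut -c7)" in
        s|S) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print field N of `ls -ldn PATH` (1 = mode string, 4 = numeric gid).
ls_field() { ls -ldn "$1" | awk -v n="$2" '{ print $n }'; }

yes_no() { if mode_has_setgid "$(ls_field "$1" 1)"; then echo yes; else echo no; fi; }

# probe_setgid_dir BASE [GROUP]
# Prints: parent_setgid=<yes|no> group=<inherited|not-inherited> child_setgid=<yes|no>
probe_setgid_dir() {
    base=${1:-.}
    work=$(mktemp -d "$base/sgid-probe.XXXXXX") || return 2
    parent=$work/dir1
    child=$parent/dir2

    mkdir "$parent" || { rm -rf "$work"; return 2; }
    # chgrp runs before chmod: POSIX allows a group change by an unprivileged
    # user to clear the setgid bit, which would hide the behaviour being probed.
    if [ -n "$2" ]; then chgrp "$2" "$parent" || { rm -rf "$work"; return 2; }; fi
    chmod g+s "$parent" || { rm -rf "$work"; return 2; }
    mkdir "$child" || { rm -rf "$work"; return 2; }

    if [ "$(ls_field "$parent" 4)" = "$(ls_field "$child" 4)" ]; then
        group=inherited
    else
        group=not-inherited
    fi
    result="parent_setgid=$(yes_no "$parent") group=$group child_setgid=$(yes_no "$child")"
    rm -rf "$work"
    echo "$result"
}
```

Running `probe_setgid_dir` once on a local filesystem and once on the mount under test, with the same GROUP, gives two lines that can be compared directly.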