Solved configuration question: persistent gid after su

When I use su(1) to change my UID and then touch(1) a file which does not yet exist, the new file has the correct owner, but the associated group is the one for my original login; it does not reflect the change of GID. I have no difficulty changing the group associated with the new file after the fact using chown(), but the original value surprises me.

This is not the fault of su(1). When I run a C program which calls setgid(2) and setuid(2) (and also changes the environment variable USER), the behavior is the same. And yes, I check the returned result from setgid(2) and setuid(2), and also print the returned result from getuid(2), geteuid(2), getgid(2), and getegid(2).

Is this a feature? If so, why would one want this feature? I suspect that this, um, wonderful behavior is specified in a configuration file somewhere, and I can turn it off. True? And how?
 
There is a difference in behavior between su myuser and su - myuser. Which one are you using?
 
I'm using the one without the hyphen. The group on the newly created file always follows the most recent actual login (which I know the hyphen would simulate), but I don't want to log in again. I just want to change the uid and gid, and have that gid be reflected in new files I create without having to do chown(1) on each such file.
 
I'm an immigrant from Linux, so I was used to Linux's way of doing things. It turns out that the group associated with a new file is not that of the creator, whether or not the -l option was used with su(1).

The rules are these.
  1. As just stated, a new file inherits the group of its enclosing directory.
  2. The kernel can be configured so that if the setuid bit is set on the enclosing directory, then a new file also inherits the owner of that directory.

The rules for UNIX and Linux are slightly different.
  1. If the setgid bit is set on the enclosing directory, then a new file inherits the group of that directory.
  2. There is no way to force a new file (one being created right now) to inherit the owner of its enclosing directory.

Well, ok, then.
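A small shell probe, added here and not part of the thread, that predicts which group a new file will get under the two rule sets above (BSD: always the directory's group; Linux: the creator's effective GID unless the directory has the setgid bit) and then checks the prediction by actually creating a file. It assumes GNU stat on Linux and BSD stat elsewhere, and that the caller may set g+s on the temporary directory it owns.

```shell
#!/bin/sh
# Added example: predict and verify the group a new file receives.

# Group name of a path, handling the GNU vs BSD stat dialects.
group_of() {
    case "$(uname -s)" in
        Linux) stat -c %G "$1" ;;
        *)     stat -f %Sg "$1" ;;
    esac
}

# Predicted group for a file created right now in directory $1.
# BSD-derived kernels always use the enclosing directory's group;
# Linux uses the process's effective GID unless the directory is setgid.
predict_group() {
    case "$(uname -s)" in
        Linux) if [ -g "$1" ]; then group_of "$1"; else id -gn; fi ;;
        *)     group_of "$1" ;;
    esac
}

# Create a probe file in $1, compare its group with the prediction,
# print the observation, and return 0 when the rule held.
verify_group_rule() {
    dir=$1
    f=$(mktemp "$dir/probe.XXXXXX") || return 2
    want=$(predict_group "$dir")
    got=$(group_of "$f")
    rm -f "$f"
    if [ -g "$dir" ]; then sgid=yes; else sgid=no; fi
    printf 'dir_group=%s setgid=%s egid=%s file_group=%s predicted=%s\n' \
        "$(group_of "$dir")" "$sgid" "$(id -gn)" "$got" "$want"
    [ "$got" = "$want" ]
}

# Demo: a fresh temporary directory, then the same directory with g+s set.
demo() {
    d=$(mktemp -d) || return 2
    verify_group_rule "$d" || { rm -rf "$d"; return 1; }
    chmod g+s "$d"
    verify_group_rule "$d" || { rm -rf "$d"; return 1; }
    rm -rf "$d"
}
```

Run it once in a directory whose group differs from your own (chgrp to a secondary group first) to see the Linux behavior change when the setgid bit is toggled; on FreeBSD the file_group column tracks dir_group regardless.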
 