SUID bit on a directory.

SirDice (Administrator, Staff member, Moderator)
It seems the man page for chmod(1) is either wrong or I'm misunderstanding it.

Specifically:
Code:
    4000    (the setuid bit).  Executable files with this bit set will
            run with effective uid set to the uid of the file owner.
            Directories with this bit set will force all files and sub-
            directories created in them to be owned by the directory
            owner and not by the uid of the creating process, if the
            underlying file system supports this feature: see chmod(2)
            and the suiddir option to mount(8).

Assume a regular UFS filesystem:
Code:
root@fbsd-test:/ # mkdir /test
root@fbsd-test:/ # chown user_a:test /test/
root@fbsd-test:/ # chmod 4775 test/
root@fbsd-test:/ # ls -ald /test/
drwsrwxr-x  2 user_a  test  512 Sep 16 13:36 /test/
root@fbsd-test:/ # id user_a
uid=1002(user_a) gid=1002(user_a) groups=1002(user_a),1004(test)
root@fbsd-test:/ # id user_b
uid=1003(user_b) gid=1003(user_b) groups=1003(user_b),1004(test)
root@fbsd-test:/ # su - user_b
user_b@fbsd-test:~ % cd /test/
user_b@fbsd-test:/test % touch file1
user_b@fbsd-test:/test % ls -l file1
-rw-r--r--  1 user_b  test  0 Sep 16 13:37 file1
user_b@fbsd-test:/test %

According to the man page the file1 file should be owned by user_a, not user_b.

Setting the SGID does work as expected:
Code:
root@fbsd-test:/ # mkdir /test
root@fbsd-test:/ # chown user_a:test /test
root@fbsd-test:/ # chmod 2775 /test
root@fbsd-test:/ # ls -ald /test
drwxrwsr-x  2 user_a  test  512 Sep 16 13:39 /test/
root@fbsd-test:/ # su - user_b
user_b@fbsd-test:~ % cd /test
user_b@fbsd-test:/test % ll
total 0
user_b@fbsd-test:/test % touch file2
user_b@fbsd-test:/test % ls -al file2
-rw-r--r--  1 user_b  test  0 Sep 16 13:40 file2
 
Just to be sure: does your kernel have SUIDDIR enabled? Also, has the filesystem in question been mounted with the suiddir option?
 
I'm not sure, it's just a GENERIC kernel. I don't think it's enabled by default.
 
SirDice said:
it's just a GENERIC kernel. I don't think it's enabled by default.
It isn't. You need to build a kernel with
Code:
options SUIDDIR
and the filesystem must be mounted with the -o suiddir option.
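An added check (not code from the thread or from FreeBSD) that decides from `ls -ld` and mount(8) output whether a directory's setuid bit will take effect or be silently ignored as it was in the test above; the sample lines are constructed, and a positive result still assumes the kernel was built with options SUIDDIR, which mount output alone cannot show.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies a directory's setuid bit as
# none / ignored / effective from one `ls -ld` line and one mount(8) line.

# Return 0 if the ls -ld line shows the setuid bit on a directory
# (mode field starts with "drws" or "drwS").
has_dir_setuid() {
    perms=${1%% *}                      # first field, e.g. drwsrwxr-x
    case "$perms" in
        d??[sS]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Return 0 if a mount(8) line such as
# "/dev/ada0p2 on / (ufs, local, suiddir)" lists the suiddir option.
# Options are matched whole so "nosuiddir" does not count.
mount_has_suiddir() {
    opts=$(printf '%s' "$1" | sed 's/.*(//; s/).*//; s/ //g')
    case ",$opts," in
        *,suiddir,*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Print one of:
#   none      - no setuid bit on the directory
#   ignored   - bit set, but the filesystem is not mounted suiddir, so new
#               files keep the creator's uid (the behaviour seen in the thread)
#   effective - bit set and suiddir mounted (still assumes a kernel built
#               with "options SUIDDIR", which this check cannot see)
suiddir_status() {
    if ! has_dir_setuid "$1"; then
        echo none
    elif mount_has_suiddir "$2"; then
        echo effective
    else
        echo ignored
    fi
}

# Constructed sample input mirroring the /test directory on a default UFS mount.
LS_LINE='drwsrwxr-x  2 user_a  test  512 Sep 16 13:36 /test/'
MOUNT_LINE='/dev/ada0p2 on / (ufs, local, journaled soft-updates)'
suiddir_status "$LS_LINE" "$MOUNT_LINE"   # prints: ignored
```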
 
Bugger. It seems the man page isn't clear enough.

We have several different people administrating websites. Each file is now owned by the person that put it there. I was hoping to use this to set it to a specific user ID. It seems I have to figure out a way of doing this with a group (I can't run a custom kernel).
 