GNU bug report logs - #10311
RFE: Give chmod a "-h" option as well

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: coreutils; Severity: wishlist; Reported by: Jan Engelhardt <jengelh@HIDDEN>; dated Fri, 16 Dec 2011 16:32:02 UTC; Maintainer for coreutils is bug-coreutils@HIDDEN.

Message received at 10311 <at> debbugs.gnu.org:


Received: (at 10311) by debbugs.gnu.org; 16 Dec 2011 20:17:53 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Dec 16 15:17:53 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1RbeE5-0002ca-59
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 15:17:53 -0500
Received: from mx1.redhat.com ([209.132.183.28])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <eblake@HIDDEN>) id 1RbeE2-0002cJ-6L
	for 10311 <at> debbugs.gnu.org; Fri, 16 Dec 2011 15:17:52 -0500
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
	(int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id pBGKGCcG019884
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 16 Dec 2011 15:16:12 -0500
Received: from [10.3.113.9] ([10.3.113.9])
	by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id pBGKGBJV002971; Fri, 16 Dec 2011 15:16:11 -0500
Message-ID: <4EEBA70B.9050408@HIDDEN>
Date: Fri, 16 Dec 2011 13:16:11 -0700
From: Eric Blake <eblake@HIDDEN>
Organization: Red Hat
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:8.0) Gecko/20111115 Thunderbird/8.0
MIME-Version: 1.0
Subject: Re: bug#10311: RFE: Give chmod a "-h" option as well
References: <alpine.LNX.2.01.1112161721430.6649@HIDDEN>
	<20111216173005.GA20973@HIDDEN>
	<4EEB8305.3070406@HIDDEN>
	<20111216183747.GB31096@HIDDEN>
	<4EEB9641.5090007@HIDDEN>
In-Reply-To: <4EEB9641.5090007@HIDDEN>
X-Enigmail-Version: 1.3.4
OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="------------enig4C9498E2CDEA729C4EED6CD2"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Spam-Score: -8.9 (--------)
X-Debbugs-Envelope-To: 10311
Cc: 10311 <at> debbugs.gnu.org, Bob Proulx <bob@HIDDEN>,
	Jan Engelhardt <jengelh@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -8.9 (--------)

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig4C9498E2CDEA729C4EED6CD2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 12/16/2011 12:04 PM, Eric Blake wrote:
>> It would be informative to myself and I expect others if you could
>> post an example of the behavior from a BSD system showing the
>> restriction through a symlink's permissions.
>=20
> But I still remember reading about permissions affecting symlinks on at=

> least one BSD variant (I'm still trying to find where I remember that
> from); something like 'w' permissions were required for readlink(2) to
> succeed, and 'x' permissions required for open(2) and friends to
> successfully follow the symlink.  I'll post back if I can find more
> evidence.

NetBSD is the one I was remembering, and it is a per-device mount-option
that controls whether permissions matter (alas, I have no root
permissions on any of the NetBSD systems I currently have access to, in
order to try out the mount option and show an actual transcript of a
permission-enforced failure):

http://www.daemon-systems.org/man/symlink.7.html

     If the filesystem is mounted with the symperm mount(8) option, the s=
ym-
     bolic link file permission bits have the following effects:

     The readlink(2) system call requires read permissions on the symboli=
c
     link.

     System calls that follow symbolic links will fail without
execute/search
     permissions on all the symbolic links followed.

     The write, sticky, set-user-ID-on-execution and
set-group-ID-on-execution
     symbolic link mode bits have no effect on any system calls (includin=
g
     execve(2)).

So it was 'r' and 'x' bits that matter ('w' is still inconsequential,
even with symperm enabled on a device, although lchmod() and
fchmodat(AT_SYMLINK_NOFOLLOW) let you modify all the bits).

--=20
Eric Blake   eblake@HIDDEN    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--------------enig4C9498E2CDEA729C4EED6CD2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJO66cLAAoJEKeha0olJ0Nqo+8IAKrGM1ymd8+zBs78uOjexu7d
n01ABgeLffUQg3v7Mx+4hzHIEUenx4k198OCOo7pqluwDBDbnevufK+HUjvcxFW9
1M+yv4nl2pSCYpVyD7TlwczAq/WeOwZ9kU6LpSEkHayyoPghBLQgraIdO1R/y9vh
/kexhHke5qgm63MvGUrOuDViyYxei4VFmDoJ9ASmGJsVrk/IOV80D8vdXqqPmCYG
g1NQCe4FbH4DoxZaJQD4UcD8jYG4rmrxjNeZrJQoqszdEHvZdMGVxFvSmlg+Dsr4
8kxifOUlJdBIm9JKScxBSEm0D9HU5xjor8wpV90ruT7MG2kSj0l1Hh5fkEML3w0=
=usXg
-----END PGP SIGNATURE-----

--------------enig4C9498E2CDEA729C4EED6CD2--




Information forwarded to bug-coreutils@HIDDEN:
bug#10311; Package coreutils. Full text available.

Message received at 10311 <at> debbugs.gnu.org:


Received: (at 10311) by debbugs.gnu.org; 16 Dec 2011 19:06:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Dec 16 14:06:14 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1Rbd6k-0000ci-3h
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 14:06:14 -0500
Received: from mx1.redhat.com ([209.132.183.28])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <eblake@HIDDEN>) id 1Rbd6h-0000cb-Hx
	for 10311 <at> debbugs.gnu.org; Fri, 16 Dec 2011 14:06:13 -0500
Received: from int-mx02.intmail.prod.int.phx2.redhat.com
	(int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id pBGJ4Y0T029277
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 16 Dec 2011 14:04:34 -0500
Received: from [10.3.113.9] ([10.3.113.9])
	by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id pBGJ4XSM005941; Fri, 16 Dec 2011 14:04:33 -0500
Message-ID: <4EEB9641.5090007@HIDDEN>
Date: Fri, 16 Dec 2011 12:04:33 -0700
From: Eric Blake <eblake@HIDDEN>
Organization: Red Hat
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:8.0) Gecko/20111115 Thunderbird/8.0
MIME-Version: 1.0
To: Bob Proulx <bob@HIDDEN>
Subject: Re: bug#10311: RFE: Give chmod a "-h" option as well
References: <alpine.LNX.2.01.1112161721430.6649@HIDDEN>
	<20111216173005.GA20973@HIDDEN>
	<4EEB8305.3070406@HIDDEN>
	<20111216183747.GB31096@HIDDEN>
In-Reply-To: <20111216183747.GB31096@HIDDEN>
X-Enigmail-Version: 1.3.4
OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="------------enigDAB10D17DE215C4A31865499"
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.12
X-Spam-Score: -10.3 (----------)
X-Debbugs-Envelope-To: 10311
Cc: 10311 <at> debbugs.gnu.org, Jan Engelhardt <jengelh@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -10.3 (----------)

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigDAB10D17DE215C4A31865499
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 12/16/2011 11:37 AM, Bob Proulx wrote:
> Eric Blake wrote:
>> Bob Proulx wrote:
>>> * The mode bits of a symlink are not used.  The original Unix authors=

>>>   ignored them and did not provide any way to change them.
>>
>> That's true for Linux, but false for BSD (where the mode bits of a
>> symlink can allow restriction on dereferencing through the symlink).
>=20
> What?!  I was not aware of this.  I have been too SysV centric for too
> many years.  And I do not have access to a BSD system in which to
> learn about it.
>=20
> It would be informative to myself and I expect others if you could
> post an example of the behavior from a BSD system showing the
> restriction through a symlink's permissions.

Right now, I only had easy access to 64-bit FreeBSD 8.2-RELEASE, and
there, the system call lchmod(2) exists, but 'man 7 symlink' states that
access permissions are ignored.

But I still remember reading about permissions affecting symlinks on at
least one BSD variant (I'm still trying to find where I remember that
from); something like 'w' permissions were required for readlink(2) to
succeed, and 'x' permissions required for open(2) and friends to
successfully follow the symlink.  I'll post back if I can find more
evidence.

--=20
Eric Blake   eblake@HIDDEN    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--------------enigDAB10D17DE215C4A31865499
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJO65ZBAAoJEKeha0olJ0NqPcMIAJDbfDIQMLQ9pXmbi+uNV3S+
OpQ0FzXPpwlGaQTPOn2WBZmKTXle2aHcob6XY8icFHX1Li61FdT3bnUFzHQ/AjTP
HtBMbtEF6fQ/pQMtCyRlCgNNK2J07ZeuR32IekUV8GIU6ID/HIfKBsjQPCbutHUI
TKxkklP4ud4RBctxURDvHgU5STO4pwVjcdlDAJiSfVWbXQgxj7DhXO2NcZj4pUFj
mfFwTDiQxDx2+TSE5+kTfmEyk5cPoLvkZgtv8TNSsCKyO0II0BGZ6Vuu/DYDIPCs
TOdbfxxn9dk967zNGvH5G+tKllMkqfoWp+ZbrkQnhrA3Fo9qZNb0bWhrcG/fSK4=
=+Pi/
-----END PGP SIGNATURE-----

--------------enigDAB10D17DE215C4A31865499--




Information forwarded to bug-coreutils@HIDDEN:
bug#10311; Package coreutils. Full text available.

Message received at 10311 <at> debbugs.gnu.org:


Received: (at 10311) by debbugs.gnu.org; 16 Dec 2011 19:00:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Dec 16 14:00:30 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1Rbd1C-0000Ug-9p
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 14:00:30 -0500
Received: from smtp.cs.ucla.edu ([131.179.128.62])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <eggert@HIDDEN>) id 1Rbd19-0000UY-M1
	for 10311 <at> debbugs.gnu.org; Fri, 16 Dec 2011 14:00:29 -0500
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp.cs.ucla.edu (Postfix) with ESMTP id 137D739E8010;
	Fri, 16 Dec 2011 10:58:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu
Received: from smtp.cs.ucla.edu ([127.0.0.1])
	by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id gDwMsK30aI+f; Fri, 16 Dec 2011 10:58:49 -0800 (PST)
Received: from [192.168.1.10] (pool-71-189-109-235.lsanca.fios.verizon.net
	[71.189.109.235])
	by smtp.cs.ucla.edu (Postfix) with ESMTPSA id A6F4C39E8007;
	Fri, 16 Dec 2011 10:58:49 -0800 (PST)
Message-ID: <4EEB94EA.2080602@HIDDEN>
Date: Fri, 16 Dec 2011 10:58:50 -0800
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
User-Agent: Mozilla/5.0 (X11; Linux i686;
	rv:8.0) Gecko/20111124 Thunderbird/8.0
MIME-Version: 1.0
To: Bob Proulx <bob@HIDDEN>
Subject: Re: bug#10311: RFE: Give chmod a "-h" option as well
References: <alpine.LNX.2.01.1112161721430.6649@HIDDEN>
	<20111216173005.GA20973@HIDDEN>
	<4EEB8305.3070406@HIDDEN>
	<20111216183747.GB31096@HIDDEN>
In-Reply-To: <20111216183747.GB31096@HIDDEN>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.9 (--)
X-Debbugs-Envelope-To: 10311
Cc: 10311 <at> debbugs.gnu.org, Jan Engelhardt <jengelh@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -2.9 (--)

On 12/16/11 10:37, Bob Proulx wrote:
> an example of the behavior from a BSD system showing the
> restriction through a symlink's permissions.

In BSD systems a symlink's permissions do not restrict
anything.  They exist, and can be changed, and you can look
at them with ls -l, but they have no effect on what you can
do with the symlink.

I do recall an alternative implementation where you could
not use readlink without read permission to the symlink,
and you could not follow the symlink with search (x)
permission.  But I don't remember which one that was;
perhaps it was just experimental.

In NTFS symbolic permissions have a different interpretation,
which I don't know much about and may not be relevant here.




Information forwarded to bug-coreutils@HIDDEN:
bug#10311; Package coreutils. Full text available.

Message received at 10311 <at> debbugs.gnu.org:


Received: (at 10311) by debbugs.gnu.org; 16 Dec 2011 18:39:27 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Dec 16 13:39:26 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1Rbcgo-0008SH-QK
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 13:39:26 -0500
Received: from joseki.proulx.com ([216.17.153.58])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <bob@HIDDEN>) id 1Rbcgm-0008SA-V3
	for 10311 <at> debbugs.gnu.org; Fri, 16 Dec 2011 13:39:25 -0500
Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119])
	by joseki.proulx.com (Postfix) with ESMTP id 65243211D1;
	Fri, 16 Dec 2011 11:37:47 -0700 (MST)
Received: by hysteria.proulx.com (Postfix, from userid 1000)
	id 2A9322DCD7; Fri, 16 Dec 2011 11:37:47 -0700 (MST)
Date: Fri, 16 Dec 2011 11:37:47 -0700
From: Bob Proulx <bob@HIDDEN>
To: 10311 <at> debbugs.gnu.org, Jan Engelhardt <jengelh@HIDDEN>
Subject: Re: bug#10311: RFE: Give chmod a "-h" option as well
Message-ID: <20111216183747.GB31096@HIDDEN>
References: <alpine.LNX.2.01.1112161721430.6649@HIDDEN>
	<20111216173005.GA20973@HIDDEN>
	<4EEB8305.3070406@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4EEB8305.3070406@HIDDEN>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Spam-Score: -2.5 (--)
X-Debbugs-Envelope-To: 10311
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -2.5 (--)

Eric Blake wrote:
> Bob Proulx wrote:
> > * The mode bits of a symlink are not used.  The original Unix authors
> >   ignored them and did not provide any way to change them.
> 
> That's true for Linux, but false for BSD (where the mode bits of a
> symlink can allow restriction on dereferencing through the symlink).

What?!  I was not aware of this.  I have been too SysV centric for too
many years.  And I do not have access to a BSD system in which to
learn about it.

It would be informative to myself and I expect others if you could
post an example of the behavior from a BSD system showing the
restriction through a symlink's permissions.

Bob




Information forwarded to bug-coreutils@HIDDEN:
bug#10311; Package coreutils. Full text available.

Message received at 10311 <at> debbugs.gnu.org:


Received: (at 10311) by debbugs.gnu.org; 16 Dec 2011 18:26:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Dec 16 13:26:32 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1RbcUK-00089d-I8
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 13:26:32 -0500
Received: from joseki.proulx.com ([216.17.153.58])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <bob@HIDDEN>) id 1RbcUI-00089W-Pj
	for 10311 <at> debbugs.gnu.org; Fri, 16 Dec 2011 13:26:31 -0500
Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119])
	by joseki.proulx.com (Postfix) with ESMTP id 6C59A211D1;
	Fri, 16 Dec 2011 11:24:53 -0700 (MST)
Received: by hysteria.proulx.com (Postfix, from userid 1000)
	id 3297A2DCD7; Fri, 16 Dec 2011 11:24:53 -0700 (MST)
Date: Fri, 16 Dec 2011 11:24:53 -0700
From: Bob Proulx <bob@HIDDEN>
To: Jan Engelhardt <jengelh@HIDDEN>
Subject: Re: bug#10311: RFE: Give chmod a "-h" option as well
Message-ID: <20111216182453.GA31096@HIDDEN>
References: <alpine.LNX.2.01.1112161721430.6649@HIDDEN>
	<20111216173005.GA20973@HIDDEN>
	<alpine.LNX.2.01.1112161854080.3387@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.LNX.2.01.1112161854080.3387@HIDDEN>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Spam-Score: -2.5 (--)
X-Debbugs-Envelope-To: 10311
Cc: 10311 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -2.5 (--)

Jan Engelhardt wrote:
> Bob Proulx wrote:
> > chmod -R [does not] by default dereference[s] symlinks.
> 
> It does not? Oh, in that case the report may be closed.

Here is an example test case:

  $ mkdir symlink-perm-test
  $ cd symlink-perm-test
  $ mkdir dir1 dir2
  $ date > dir1/datestamp
  $ chmod go-w dir1/datestamp

  $ ls -ldog dir1/datestamp
  -rw-r--r-- 1 29 Dec 16 11:11 dir1/datestamp

  $ ls -ldog dir2/link1
  lrwxrwxrwx 1 17 Dec 16 11:12 dir2/link1 -> ../dir1/datestamp

  $ cat dir2/link1
  Fri Dec 16 11:11:10 MST 2011

  $ chmod -v -R g+w dir2
  mode of `dir2' retained as 0775 (rwxrwxr-x)
  neither symbolic link `dir2/linkdir2' nor referent has been changed
  neither symbolic link `dir2/link1' nor referent has been changed

  $ ls -ldog dir1/datestamp
  -rw-r--r-- 1 29 Dec 16 11:11 dir1/datestamp

> This behavior is however inconsistent with what chown (and many other
> tools) do by default though.

Symlinks violate some principles of least surprise. Therefore it is no
surprise that it is impossible to make all uses of symlinks
unsurprising.

Symlinks were intended to be completely transparent.  There shouldn't
be any difference between a symlink and the referenced file.  But some
commands do have differences anyway.

Bob




Information forwarded to bug-coreutils@HIDDEN:
bug#10311; Package coreutils. Full text available.

Message received at 10311 <at> debbugs.gnu.org:


Received: (at 10311) by debbugs.gnu.org; 16 Dec 2011 18:19:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Dec 16 13:19:38 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1RbcNe-0007z2-9E
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 13:19:38 -0500
Received: from mx1.redhat.com ([209.132.183.28])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <eblake@HIDDEN>) id 1RbcNa-0007yr-Eq
	for 10311 <at> debbugs.gnu.org; Fri, 16 Dec 2011 13:19:36 -0500
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
	(int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id pBGIHlhA022395
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Fri, 16 Dec 2011 13:17:56 -0500
Received: from [10.3.113.9] ([10.3.113.9])
	by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id pBGHgTDn027981; Fri, 16 Dec 2011 12:42:30 -0500
Message-ID: <4EEB8305.3070406@HIDDEN>
Date: Fri, 16 Dec 2011 10:42:29 -0700
From: Eric Blake <eblake@HIDDEN>
Organization: Red Hat
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:8.0) Gecko/20111115 Thunderbird/8.0
MIME-Version: 1.0
To: Bob Proulx <bob@HIDDEN>
Subject: Re: bug#10311: RFE: Give chmod a "-h" option as well
References: <alpine.LNX.2.01.1112161721430.6649@HIDDEN>
	<20111216173005.GA20973@HIDDEN>
In-Reply-To: <20111216173005.GA20973@HIDDEN>
X-Enigmail-Version: 1.3.4
OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="------------enigD020192586131A49FAE02871"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Spam-Score: -10.3 (----------)
X-Debbugs-Envelope-To: 10311
Cc: 10311 <at> debbugs.gnu.org, Jan Engelhardt <jengelh@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -10.3 (----------)

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigD020192586131A49FAE02871
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 12/16/2011 10:30 AM, Bob Proulx wrote:
> severity 10311 wishlist
> thanks
>=20
> Jan Engelhardt wrote:
>> Give chmod a "-h" option as well
>=20
> There are several important points concerning symlinks, the mode bits,
> chmod(1) and chmod(2).
>=20
> * The mode bits of a symlink are not used.  The original Unix authors
>   ignored them and did not provide any way to change them.

That's true for Linux, but false for BSD (where the mode bits of a
symlink can allow restriction on dereferencing through the symlink).

>=20
> * The mode bits of a symlink are set when they are created and never
>   modified nor used after that time.

Linux cannot modify symlink mode bits, but BSD can, precisely because
Linux does not honor symlink mode bits, but BSD does.  POSIX permits
both styles of operation; the new fchmodat() API is required to
understand AT_SYMLINK_NOFOLLOW, but is allowed to reject it with
EOPNOTSUPP (compared to the more typical EINVAL for an invalid flag bit).=


>=20
> * Some operating systems do allow symlink mode bits to be set but that
>   feature is not wide spread.
>=20
> Since the mode bits of a symlink are not in any way significant there
> isn't any urgent need to change them.

Since BSD chmod can set and usefully use symlink mode bits, and GNU
coreutils can target BSD, then yes, we should support chmod -h, using
fchmodat(), even if it is not our highest priority to implement it.

At one point I had a scratch patch in one of my local trees attempting
this conversion to add chmod -h; maybe I should revisit it and submit it
to the list.

--=20
Eric Blake   eblake@HIDDEN    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--------------enigD020192586131A49FAE02871
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJO64MFAAoJEKeha0olJ0NqXCwH/2t534ab66oJnCQyypu08g8H
mp+D1zASVzjCpjfjci5S6Mkiq46DkqzLZdRTSiMt/Cht4KJd8C6Ka9bRncTCRRBi
qlv5FfWKTX0dAUMCwWeDpoboPVZPCOeRiMi8xGzlGzAcQIVwX1sF6t3uJDaXuIo1
NoeYsTnsIj9aqZPdmUXu385LCpHm7LpPXOE/Smg6BsJgUh5g6HSnIbf62DsiVgsh
0uXBnLzG2O3UUoyxlCSMBjgpuRY/PdsekC9YwlwicAO3xKn34T31cMEEc9dI2gQX
nZcESoflBte3fVVhCLGyuGK/YM1CqDyasqhcOk8covAZ9xeCIE16K9DucxmjB5I=
=LEaF
-----END PGP SIGNATURE-----

--------------enigD020192586131A49FAE02871--




Information forwarded to bug-coreutils@HIDDEN:
bug#10311; Package coreutils. Full text available.

Message received at 10311 <at> debbugs.gnu.org:


Received: (at 10311) by debbugs.gnu.org; 16 Dec 2011 18:08:25 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Dec 16 13:08:25 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1RbcCn-0007is-1Q
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 13:08:25 -0500
Received: from smtp.cs.ucla.edu ([131.179.128.62])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <eggert@HIDDEN>) id 1RbcCk-0007ii-EQ
	for 10311 <at> debbugs.gnu.org; Fri, 16 Dec 2011 13:08:24 -0500
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp.cs.ucla.edu (Postfix) with ESMTP id 3562FA60001;
	Fri, 16 Dec 2011 10:06:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu
Received: from smtp.cs.ucla.edu ([127.0.0.1])
	by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id IE-idLNqPz9U; Fri, 16 Dec 2011 10:06:44 -0800 (PST)
Received: from [192.168.1.10] (pool-71-189-109-235.lsanca.fios.verizon.net
	[71.189.109.235])
	by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 6258739E8010;
	Fri, 16 Dec 2011 10:06:44 -0800 (PST)
Message-ID: <4EEB88B0.6020406@HIDDEN>
Date: Fri, 16 Dec 2011 10:06:40 -0800
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
User-Agent: Mozilla/5.0 (X11; Linux i686;
	rv:8.0) Gecko/20111124 Thunderbird/8.0
MIME-Version: 1.0
To: Bob Proulx <bob@HIDDEN>
Subject: Re: bug#10311: RFE: Give chmod a "-h" option as well
References: <alpine.LNX.2.01.1112161721430.6649@HIDDEN>
	<20111216173005.GA20973@HIDDEN>
In-Reply-To: <20111216173005.GA20973@HIDDEN>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.9 (--)
X-Debbugs-Envelope-To: 10311
Cc: 10311 <at> debbugs.gnu.org, Jan Engelhardt <jengelh@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -2.9 (--)

On 12/16/11 09:30, Bob Proulx wrote:
> Neither chmod -R nor find by default dereference symlinks.

But there's still a problem without -R.  Suppose the attacker does
"ln -s /etc/passwd slylink" and then root does "chmod a+w *"
in a directory containing slylink.  Then anyone can write /etc/passwd.

There's an obvious fix here: make chmod act like chown with respect
to the -H, -L, -P, and -h options.  This would be compatible with
FreeBSD chmod.  On hosts that support symbolic-link permissions
(BSD being one of them), GNU chmod would act like BSD chmod when
changing the mode of symbolic links.  On hosts that don't, it
would report an error.  Then a paranoid root (and shouldn't root
be paranoid? :-) could use chmod -h for everything.

Here's a quick and untested patch to do this.  Assuming there's interest,
I can flesh this out by adding proper documentation and test cases.

diff --git a/src/chmod.c b/src/chmod.c
index 6fec84a..6b7c021 100644
--- a/src/chmod.c
+++ b/src/chmod.c
@@ -68,6 +68,10 @@ static mode_t umask_value;
 /* If true, change the modes of directories recursively. */
 static bool recurse;
 
+/* 1 if --dereference, 0 if --no-dereference, -1 if neither has been
+   specified.  */
+static int dereference = -1;
+
 /* If true, force silence (suppress most of error messages). */
 static bool force_silent;
 
@@ -87,7 +91,8 @@ static struct dev_ino *root_dev_ino;
    non-character as a pseudo short option, starting with CHAR_MAX + 1.  */
 enum
 {
-  NO_PRESERVE_ROOT = CHAR_MAX + 1,
+  DEREFERENCE_OPTION = CHAR_MAX + 1,
+  NO_PRESERVE_ROOT,
   PRESERVE_ROOT,
   REFERENCE_FILE_OPTION
 };
@@ -95,7 +100,9 @@ enum
 static struct option const long_options[] =
 {
   {"changes", no_argument, NULL, 'c'},
+  {"dereference", no_argument, NULL, DEREFERENCE_OPTION},
   {"recursive", no_argument, NULL, 'R'},
+  {"no-dereference", no_argument, NULL, 'h'},
   {"no-preserve-root", no_argument, NULL, NO_PRESERVE_ROOT},
   {"preserve-root", no_argument, NULL, PRESERVE_ROOT},
   {"quiet", no_argument, NULL, 'f'},
@@ -188,6 +195,7 @@ process_file (FTS *fts, FTSENT *ent)
   char const *file_full_name = ent->fts_path;
   char const *file = ent->fts_accpath;
   const struct stat *file_stats = ent->fts_statp;
+  struct stat stat_buf;
   mode_t old_mode IF_LINT ( = 0);
   mode_t new_mode IF_LINT ( = 0);
   bool ok = true;
@@ -232,10 +240,28 @@ process_file (FTS *fts, FTSENT *ent)
       break;
 
     case FTS_SLNONE:
-      if (! force_silent)
-        error (0, 0, _("cannot operate on dangling symlink %s"),
-               quote (file_full_name));
-      ok = false;
+      if (dereference)
+        {
+          if (! force_silent)
+            error (0, 0, _("cannot operate on dangling symlink %s"),
+                   quote (file_full_name));
+          ok = false;
+        }
+      break;
+
+    case FTS_SL:
+      if (dereference)
+        {
+          if (fstatat (fts->fts_cwd_fd, file, &stat_buf, 0) != 0)
+            {
+              if (! force_silent)
+                error (0, errno, _("cannot dereference %s"),
+                       quote (file_full_name));
+              ok = false;
+            }
+
+          file_stats = &stat_buf;
+        }
       break;
 
     case FTS_DC:		/* directory that causes cycles */
@@ -266,17 +292,16 @@ process_file (FTS *fts, FTSENT *ent)
       new_mode = mode_adjust (old_mode, S_ISDIR (old_mode) != 0, umask_value,
                               change, NULL);
 
-      if (! S_ISLNK (old_mode))
+      if (fchmodat (fts->fts_cwd_fd, file, new_mode,
+                    dereference ? 0 : AT_SYMLINK_NOFOLLOW)
+          == 0)
+        chmod_succeeded = true;
+      else
         {
-          if (chmodat (fts->fts_cwd_fd, file, new_mode) == 0)
-            chmod_succeeded = true;
-          else
-            {
-              if (! force_silent)
-                error (0, errno, _("changing permissions of %s"),
-                       quote (file_full_name));
-              ok = false;
-            }
+          if (! force_silent)
+            error (0, errno, _("changing permissions of %s"),
+                   quote (file_full_name));
+          ok = false;
         }
     }
 
@@ -381,6 +406,13 @@ Change the mode of each FILE to MODE.\n\
   -c, --changes           like verbose but report only when a change is made\n\
 "), stdout);
       fputs (_("\
+      --dereference      affect the referent of each symbolic link (this is\n\
+                         the default), rather than the symbolic link itself\n\
+  -h, --no-dereference   affect each symbolic link instead of any referenced\n\
+                         file (useful only on systems that can change the\n\
+                         ownership of a symlink)\n\
+"), stdout);
+      fputs (_("\
       --no-preserve-root  do not treat `/' specially (the default)\n\
       --preserve-root     fail to operate recursively on `/'\n\
 "), stdout);
@@ -389,6 +421,19 @@ Change the mode of each FILE to MODE.\n\
   -v, --verbose           output a diagnostic for every file processed\n\
       --reference=RFILE   use RFILE's mode instead of MODE values\n\
   -R, --recursive         change files and directories recursively\n\
+\n\
+"), stdout);
+      fputs (_("\
+The following options modify how a hierarchy is traversed when the -R\n\
+option is also specified.  If more than one is specified, only the final\n\
+one takes effect.\n\
+\n\
+  -H                     if a command line argument is a symbolic link\n\
+                         to a directory, traverse it\n\
+  -L                     traverse every symbolic link to a directory\n\
+                         encountered\n\
+  -P                     do not traverse any symbolic links (default)\n\
+\n\
 "), stdout);
       fputs (HELP_OPTION_DESCRIPTION, stdout);
       fputs (VERSION_OPTION_DESCRIPTION, stdout);
@@ -414,6 +459,7 @@ main (int argc, char **argv)
   bool preserve_root = false;
   char const *reference_file = NULL;
   int c;
+  int bit_flags = FTS_PHYSICAL;
 
   initialize_main (&argc, &argv);
   set_program_name (argv[0]);
@@ -426,12 +472,33 @@ main (int argc, char **argv)
   recurse = force_silent = diagnose_surprises = false;
 
   while ((c = getopt_long (argc, argv,
-                           "Rcfvr::w::x::X::s::t::u::g::o::a::,::+::=::",
+                           "HLPRcfhvr::w::x::X::s::t::u::g::o::a::,::+::=::",
                            long_options, NULL))
          != -1)
     {
       switch (c)
         {
+        case 'H': /* Traverse command-line symlinks-to-directories.  */
+          bit_flags = FTS_COMFOLLOW | FTS_PHYSICAL;
+          break;
+
+        case 'L': /* Traverse all symlinks-to-directories.  */
+          bit_flags = FTS_LOGICAL;
+          break;
+
+        case 'P': /* Traverse no symlinks-to-directories.  */
+          bit_flags = FTS_PHYSICAL;
+          break;
+
+        case 'h': /* --no-dereference: affect symlinks */
+          dereference = 0;
+          break;
+
+        case DEREFERENCE_OPTION: /* --dereference: affect the referent
+                                    of each symlink */
+          dereference = 1;
+          break;
+
         case 'r':
         case 'w':
         case 'x':
@@ -499,6 +566,21 @@ main (int argc, char **argv)
         }
     }
 
+  if (recurse)
+    {
+      if (bit_flags == FTS_PHYSICAL)
+        {
+          if (dereference == 1)
+            error (EXIT_FAILURE, 0,
+                   _("-R --dereference requires either -H or -L"));
+          dereference = 0;
+        }
+    }
+  else
+    {
+      bit_flags = FTS_PHYSICAL;
+    }
+
   if (reference_file)
     {
       if (mode)
@@ -553,8 +635,8 @@ main (int argc, char **argv)
       root_dev_ino = NULL;
     }
 
-  ok = process_files (argv + optind,
-                      FTS_COMFOLLOW | FTS_PHYSICAL | FTS_DEFER_STAT);
+  bit_flags |= FTS_DEFER_STAT;
+  ok = process_files (argv + optind, bit_flags);
 
   exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);
 }




Information forwarded to bug-coreutils@HIDDEN:
bug#10311; Package coreutils. Full text available.

Message received at 10311 <at> debbugs.gnu.org:


Received: (at 10311) by debbugs.gnu.org; 16 Dec 2011 18:01:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Dec 16 13:01:00 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1Rbc5c-0007Y6-4d
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 13:01:00 -0500
Received: from seven.medozas.de ([188.40.89.202])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <jengelh@HIDDEN>) id 1Rbc5Z-0007Xz-UQ
	for 10311 <at> debbugs.gnu.org; Fri, 16 Dec 2011 13:00:58 -0500
Received: by seven.medozas.de (Postfix, from userid 25121)
	id 617DB21A08DA; Fri, 16 Dec 2011 18:59:20 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by seven.medozas.de (Postfix) with ESMTP id 2C6C621A08D9;
	Fri, 16 Dec 2011 18:59:20 +0100 (CET)
Date: Fri, 16 Dec 2011 18:59:20 +0100 (CET)
From: Jan Engelhardt <jengelh@HIDDEN>
To: Bob Proulx <bob@HIDDEN>
Subject: Re: bug#10311: RFE: Give chmod a "-h" option as well
In-Reply-To: <20111216173005.GA20973@HIDDEN>
Message-ID: <alpine.LNX.2.01.1112161854080.3387@HIDDEN>
References: <alpine.LNX.2.01.1112161721430.6649@HIDDEN>
	<20111216173005.GA20973@HIDDEN>
User-Agent: Alpine 2.01 (LNX 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Score: -4.3 (----)
X-Debbugs-Envelope-To: 10311
Cc: 10311 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -4.0 (----)


On Friday 2011-12-16 18:30, Bob Proulx wrote:
>
>chmod -R [does not] by default dereference[s] symlinks.

It does not? Oh, in that case the report may be closed.

This behavior is however inconsistent with what chown (and many other
tools) do by default though.




Information forwarded to bug-coreutils@HIDDEN:
bug#10311; Package coreutils. Full text available.
Severity set to 'wishlist' from 'normal' Request was from Bob Proulx <bob@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 10311 <at> debbugs.gnu.org:


Received: (at 10311) by debbugs.gnu.org; 16 Dec 2011 17:31:47 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Dec 16 12:31:46 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1RbbdK-00066G-Ed
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 12:31:46 -0500
Received: from joseki.proulx.com ([216.17.153.58])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <bob@HIDDEN>)
	id 1RbbdG-000663-P7; Fri, 16 Dec 2011 12:31:44 -0500
Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119])
	by joseki.proulx.com (Postfix) with ESMTP id B2A08211D1;
	Fri, 16 Dec 2011 10:30:05 -0700 (MST)
Received: by hysteria.proulx.com (Postfix, from userid 1000)
	id 7BDF52DCD7; Fri, 16 Dec 2011 10:30:05 -0700 (MST)
Date: Fri, 16 Dec 2011 10:30:05 -0700
From: Bob Proulx <bob@HIDDEN>
To: Jan Engelhardt <jengelh@HIDDEN>
Subject: Re: bug#10311: RFE: Give chmod a "-h" option as well
Message-ID: <20111216173005.GA20973@HIDDEN>
References: <alpine.LNX.2.01.1112161721430.6649@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.LNX.2.01.1112161721430.6649@HIDDEN>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Spam-Score: -2.5 (--)
X-Debbugs-Envelope-To: 10311
Cc: 10311 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -2.5 (--)

severity 10311 wishlist
thanks

Jan Engelhardt wrote:
> Give chmod a "-h" option as well

There are several important points concerning symlinks, the mode bits,
chmod(1) and chmod(2).

* The mode bits of a symlink are not used.  The original Unix authors
  ignored them and did not provide any way to change them.

* The mode bits of a symlink are set when they are created and never
  modified nor used after that time.

* Some operating systems do allow symlink mode bits to be set but that
  feature is not wide spread.

Since the mode bits of a symlink are not in any way significant there
isn't any urgent need to change them.  The displayed value is
completely cosmetic and without function.  This is an FAQ.

  http://www.gnu.org/software/coreutils/faq/#How-do-I-change-the-ownership-or-permissions-of-a-symlink_003f

> chown(1) has a -h option by which it affects symlinks directly rather

The chown(1) command can do this because the lchown(2) operating
system call exists which provides that functionality.  But there
isn't any equivalent lchmod(2) function call.  If an lchown(2) system
call were to exist then adding an option to chmod(1) would be possible.

I have always considered this inconsistent that lchown(2) exists
without lchmod(2) existing.  But I was not consulted in the
implementation.  Likewise creat(2) is missing the 'e'.  It is just the
way things are.  A small number of those inconsistencies must be
accepted after 40 years of use.

The ability to set the mode bits of a symlink have never been
implemented without the lchmod(2) system call because in order to
change the mode bits of a symlink it would be necessary to remove the
previous one and then create a new one with the desired mode bits by
specifying the umask at time of creation.  This would have other
serious negative side-effects not commensurate with the cosmetic value
of the display of the mode bits since the mode bits are never used.
The ownership and group would then be that of the creating process.
There would need to be special care taken such that at no time would
any other process find that the symlink had been removed during this
removal and creation process.

> Attempting chmod -R g+w /home/groups/evilgroup is still a risk, and
> would necessity a more long-winded command involving find(1). It
> would therefore be welcome that chmod receive an -h option that just
> skips over them (besides perhaps attempting to change their
> permissions as well).

I am sorry but I did not understand the problem you are describing in
this text.  Neither chmod -R nor find by default dereference symlinks.

Try using chmod's -v option to have it emit messages concerning
actions taken or actions not taken.  I think the output is useful.

Bob




Information forwarded to bug-coreutils@HIDDEN:
bug#10311; Package coreutils. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 16 Dec 2011 16:31:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Dec 16 11:31:42 2011
Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1Rbah9-0004iC-Kt
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 11:31:41 -0500
Received: from eggs.gnu.org ([140.186.70.92])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <jengelh@HIDDEN>) id 1Rbah6-0004i4-Nt
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 11:31:37 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jengelh@HIDDEN>) id 1RbafU-00017K-IT
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 11:30:00 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
	autolearn=unavailable version=3.3.2
Received: from lists.gnu.org ([140.186.70.17]:53096)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jengelh@HIDDEN>) id 1RbafU-00016a-CB
	for submit <at> debbugs.gnu.org; Fri, 16 Dec 2011 11:29:56 -0500
Received: from eggs.gnu.org ([140.186.70.92]:49350)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jengelh@HIDDEN>) id 1RbafT-0007Op-91
	for bug-coreutils@HIDDEN; Fri, 16 Dec 2011 11:29:56 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jengelh@HIDDEN>) id 1RbafN-00013B-LG
	for bug-coreutils@HIDDEN; Fri, 16 Dec 2011 11:29:55 -0500
Received: from seven.medozas.de ([188.40.89.202]:39590)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jengelh@HIDDEN>) id 1RbafN-00012w-Bh
	for bug-coreutils@HIDDEN; Fri, 16 Dec 2011 11:29:49 -0500
Received: by seven.medozas.de (Postfix, from userid 25121)
	id 5A5BF21A08DA; Fri, 16 Dec 2011 17:29:46 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by seven.medozas.de (Postfix) with ESMTP id 2EFDA21A08D9
	for <bug-coreutils@HIDDEN>; Fri, 16 Dec 2011 17:29:46 +0100 (CET)
Date: Fri, 16 Dec 2011 17:29:46 +0100 (CET)
From: Jan Engelhardt <jengelh@HIDDEN>
To: bug-coreutils@HIDDEN
Subject: RFE: Give chmod a "-h" option as well
Message-ID: <alpine.LNX.2.01.1112161721430.6649@HIDDEN>
User-Agent: Alpine 2.01 (LNX 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 140.186.70.17
X-Spam-Score: -6.0 (------)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -6.0 (------)

Hi,


chown(1) has a -h option by which it affects symlinks directly rather
than the pointed-to file. The bonus side effect is that the
pointed-to files don't get changed in any way, which is kinda welcome
if you attempt to "fix" permissions/ownership in a directory where an
evil user could create a symlink to e.g. /etc/shadow.

Attempting chmod -R g+w /home/groups/evilgroup is still a risk, and
would necessity a more long-winded command involving find(1). It
would therefore be welcome that chmod receive an -h option that just
skips over them (besides perhaps attempting to change their
permissions as well).




Acknowledgement sent to Jan Engelhardt <jengelh@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-coreutils@HIDDEN. Full text available.
Report forwarded to bug-coreutils@HIDDEN:
bug#10311; Package coreutils. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Fri, 31 Oct 2014 17:00:04 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.