Date:      Mon, 12 Apr 1999 17:09:58 +0200
From:      sthaug@nethelp.no
To:        brdean@unx.sas.com
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: behaviour of open(foo,O_CREAT) in regards to setting 'group'
Message-ID:  <61811.923929798@verdi.nethelp.no>
In-Reply-To: Your message of "Mon, 12 Apr 1999 11:02:18 -0400 (EDT)"
References:  <199904121502.LAA15248@dean.pc.sas.com>

> Why do we not set the group of the new file to the effective group id
> of the process creating the file?  Or, if the set-gid bit is set on
> the directory in which the file is being created, use that over the
> effective gid of the process?  (This appears to be the behaviour of
> SVR4.)

This was discussed only a couple of days ago. See the answer from Cy
Schubert to my comment.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
----------------------------------------------------------------------
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: sthaug@nethelp.no
cc: brett@lariat.org, ingham@i-pi.com, security@FreeBSD.ORG
Subject: Re: Interesting problem: chowning files sent via FTP 
Date: Sat, 10 Apr 1999 13:34:30 -0700

In message <31184.923728628@verdi.nethelp.no>, sthaug@nethelp.no writes:
> > Is this so? I was under the impression that the default group of a
> > new file was the login group of the creator, as specified in /etc/passwd.
> 
> AFAIK, in all BSD versions the default group of a new file is the group
> of the directory it is created in.
> 
> > As for the setgid-on-execution bit: there's no documentation on what it
> > does when set on a directory. The chmod(1) man page doesn't say anything.
> > Does it change the group ownership of newly created files?
> 
> setgid on a directory is a SYSV-ism (or rather, close to a SVR4-ism). It
> means that the SYSV system in question should follow the BSD semantics
> for files created in this directory, instead of the default SYSV semantics
> (set the group of the file to the effective gid of the creating process).

The SVR4-ism is there because SYSV does not conform to FIPS-151.  
FIPS-151 states BSD semantics must be used for newly created files and 
directories.  FIPS-151 is a US Government standard, if not adhered to 
by a vendor, the said system cannot be purchased by agencies of the US 
government.  That's why SVR4 uses the sgid bit for directories, to 
conform to FIPS-151.

It's all described in Stevens' book on Advanced UNIX Programming.

> 
> setgid on a directory works this way at least in Solaris 2 and HP-UX 10.x/
> 11.x.



Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC
                      "e**(i*pi)+1=0"

