Patch: --drop-suid Remove suid/sgid from target files
Scott Howard
scott at doc.net.au
Tue Mar 12 22:28:43 EST 2002
The attached patch adds an option --drop-suid which causes rsync to drop
setuid/setgid permissions from the destination files,
i.e., even if the source file is setuid, the target file will not be.
Added as we want to rsync the same files to machines both inside and outside
our firewalls. For machines inside the firewall some files should be suid,
for machines outside the firewalls they should not be. This option allows
us to maintain one source tree and choose whether the target will be suid
or not.
Patch also available at http://www.docbert.org/outgoing/rsync-dropsuid.patch
Scott.
-------------- next part --------------
diff -r --unified rsync-2.5.4pre1-orig/flist.c rsync-2.5.4pre1/flist.c
--- rsync-2.5.4pre1-orig/flist.c Thu Feb 14 05:30:27 2002
+++ rsync-2.5.4pre1/flist.c Tue Mar 12 21:57:27 2002
@@ -36,7 +36,9 @@
extern int verbose;
extern int do_progress;
extern int am_server;
+extern int am_sender;
extern int always_checksum;
+extern int drop_suid;
extern int cvs_exclude;
@@ -714,6 +716,10 @@
#ifdef HAVE_STRUCT_STAT_ST_RDEV
file->rdev = st.st_rdev;
#endif
+
+ if (am_sender && drop_suid && S_ISREG(st.st_mode)) {
+ file->mode &= ~(S_ISUID | S_ISGID);
+ }
#if SUPPORT_LINKS
if (S_ISLNK(st.st_mode)) {
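Review bot: The mask in the added `if (am_sender && drop_suid && S_ISREG(st.st_mode))` block is applied only while the sending side builds its file list, so the receiver still trusts whatever mode bits arrive on the wire. For a control meant to keep setuid/setgid binaries off exposed hosts, the process that creates the files should enforce it as well; I would apply the same `file->mode &= ~(S_ISUID | S_ISGID);` where the receiver decodes an entry's mode (presumably the receive-side counterpart in flist.c, not visible here), so an unpatched or differently invoked sender cannot reintroduce the bits. The S_ISREG test also leaves setgid on directories untouched, which is probably intended but deserves a comment such as `/* regular files only: setgid on a directory only controls group inheritance */`. The enclosing function starts and ends outside this hunk.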
diff -r --unified rsync-2.5.4pre1-orig/options.c rsync-2.5.4pre1/options.c
--- rsync-2.5.4pre1-orig/options.c Thu Feb 28 09:49:57 2002
+++ rsync-2.5.4pre1/options.c Tue Mar 12 22:01:45 2002
@@ -31,6 +31,7 @@
int preserve_uid = 0;
int preserve_gid = 0;
int preserve_times = 0;
+int drop_suid = 0;
int update_only = 0;
int cvs_exclude = 0;
int dry_run=0;
@@ -199,6 +200,7 @@
rprintf(F," -g, --group preserve group\n");
rprintf(F," -D, --devices preserve devices (root only)\n");
rprintf(F," -t, --times preserve times\n");
+ rprintf(F," --drop-suid remove setuid/setgid permissions from destination\n");
rprintf(F," -S, --sparse handle sparse files efficiently\n");
rprintf(F," -n, --dry-run show what would have been transferred\n");
rprintf(F," -W, --whole-file copy whole files, no incremental checks\n");
@@ -304,6 +306,7 @@
{"perms", 'p', POPT_ARG_NONE, &preserve_perms},
{"owner", 'o', POPT_ARG_NONE, &preserve_uid},
{"group", 'g', POPT_ARG_NONE, &preserve_gid},
+ {"drop-suid", 0, POPT_ARG_NONE, &drop_suid},
{"devices", 'D', POPT_ARG_NONE, &preserve_devices},
{"times", 't', POPT_ARG_NONE, &preserve_times},
{"checksum", 'c', POPT_ARG_NONE, &always_checksum},
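Review bot: This table entry makes `--drop-suid` parse locally, but none of the options.c hunks add it to the argument list built for the remote rsync, and the flist.c check only fires when `am_sender` is set. On a pull, where the remote side is the sender, `drop_suid` would therefore stay 0 there and the setuid/setgid bits would be transferred without any warning. If the option is meant to work in both directions, forward it in `server_options()` (not shown in this patch) with something like `if (drop_suid) args[ac++] = "--drop-suid";`, and state in the man page which side enforces it. The option table continues outside this hunk.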
diff -r --unified rsync-2.5.4pre1-orig/rsync.yo rsync-2.5.4pre1/rsync.yo
--- rsync-2.5.4pre1-orig/rsync.yo Thu Feb 7 08:20:49 2002
+++ rsync-2.5.4pre1/rsync.yo Tue Mar 12 22:08:42 2002
@@ -236,6 +236,7 @@
-g, --group preserve group
-D, --devices preserve devices (root only)
-t, --times preserve times
+ --drop-suid remove setuid/setgid permissions from destination
-S, --sparse handle sparse files efficiently
-n, --dry-run show what would have been transferred
-W, --whole-file copy whole files, no incremental checks
@@ -440,6 +441,9 @@
cause the next transfer to behave as if it used -I, and all files will have
their checksums compared and show up in log messages even if they haven't
changed.
+
+dit(bf(--drop-suid)) This option tells rsync to remove setuid and setgid
+permissions from files on the destination.
dit(bf(-n, --dry-run)) This tells rsync to not do any file transfers,
instead it will just report the actions it would have taken.