Patch: --drop-suid Remove suid/sgid from target files

Scott Howard scott at doc.net.au
Tue Mar 12 22:28:43 EST 2002 

The attached patch adds an option  --drop-suid  which caused rsync to drop
setuid/setgid permissions from the destination files.

ie, even if the source file is setuid, the target file will not be.

Added as we want to rsync the same files to machines both inside and outside
our firewalls. For machines inside the firewall some files should be suid,
for machines outside the firewalls they should not be. This option allows
us to maintain one source tree and set if the target will be suid or not
using this option.

Patch also available at http://www.docbert.org/outgoing/rsync-dropsuid.patch

  Scott.

-------------- next part --------------
diff -r --unified rsync-2.5.4pre1-orig/flist.c rsync-2.5.4pre1/flist.c
--- rsync-2.5.4pre1-orig/flist.c	Thu Feb 14 05:30:27 2002
+++ rsync-2.5.4pre1/flist.c	Tue Mar 12 21:57:27 2002
@@ -36,7 +36,9 @@
 extern int verbose;
 extern int do_progress;
 extern int am_server;
+extern int am_sender;
 extern int always_checksum;
+extern int drop_suid;
 
 extern int cvs_exclude;
 
@@ -714,6 +716,10 @@
 #ifdef HAVE_STRUCT_STAT_ST_RDEV
 	file->rdev = st.st_rdev;
 #endif
+
+	if (am_sender && drop_suid && S_ISREG(st.st_mode)) {
+		file->mode &= ~(S_ISUID | S_ISGID);
+	}
 
 #if SUPPORT_LINKS
 	if (S_ISLNK(st.st_mode)) {
diff -r --unified rsync-2.5.4pre1-orig/options.c rsync-2.5.4pre1/options.c
--- rsync-2.5.4pre1-orig/options.c	Thu Feb 28 09:49:57 2002
+++ rsync-2.5.4pre1/options.c	Tue Mar 12 22:01:45 2002
@@ -31,6 +31,7 @@
 int preserve_uid = 0;
 int preserve_gid = 0;
 int preserve_times = 0;
+int drop_suid = 0;
 int update_only = 0;
 int cvs_exclude = 0;
 int dry_run=0;
@@ -199,6 +200,7 @@
   rprintf(F," -g, --group                 preserve group\n");
   rprintf(F," -D, --devices               preserve devices (root only)\n");
   rprintf(F," -t, --times                 preserve times\n");  
+  rprintf(F,"     --drop-suid             remove setuid/setgid permissions from destination\n");  
   rprintf(F," -S, --sparse                handle sparse files efficiently\n");
   rprintf(F," -n, --dry-run               show what would have been transferred\n");
   rprintf(F," -W, --whole-file            copy whole files, no incremental checks\n");
@@ -304,6 +306,7 @@
   {"perms",           'p', POPT_ARG_NONE,   &preserve_perms},
   {"owner",           'o', POPT_ARG_NONE,   &preserve_uid},
   {"group",           'g', POPT_ARG_NONE,   &preserve_gid},
+  {"drop-suid",        0,  POPT_ARG_NONE,   &drop_suid},
   {"devices",         'D', POPT_ARG_NONE,   &preserve_devices},
   {"times",           't', POPT_ARG_NONE,   &preserve_times},
   {"checksum",        'c', POPT_ARG_NONE,   &always_checksum},
diff -r --unified rsync-2.5.4pre1-orig/rsync.yo rsync-2.5.4pre1/rsync.yo
--- rsync-2.5.4pre1-orig/rsync.yo	Thu Feb  7 08:20:49 2002
+++ rsync-2.5.4pre1/rsync.yo	Tue Mar 12 22:08:42 2002
@@ -236,6 +236,7 @@
  -g, --group                 preserve group
  -D, --devices               preserve devices (root only)
  -t, --times                 preserve times
+     --drop-suid             remove setuid/setgid permissions from destination
  -S, --sparse                handle sparse files efficiently
  -n, --dry-run               show what would have been transferred
  -W, --whole-file            copy whole files, no incremental checks
@@ -440,6 +441,9 @@
 cause the next transfer to behave as if it used -I, and all files will have
 their checksums compared and show up in log messages even if they haven't
 changed.
+
+dit(bf(--drop-suid)) This option tells rsync to remove setuid and setgid
+permissions from files on the destination.
 
 dit(bf(-n, --dry-run)) This tells rsync to not do any file transfers,
 instead it will just report the actions it would have taken.

More information about the rsync mailing list