Patch: --drop-suid Remove suid/sgid from target files
Dave Dykstra
dwd at bell-labs.com
Wed Mar 13 09:23:48 EST 2002
If we would add an option to do that functionality, I would vote for one
that was more general which could mask off any set of permission bits and
possibly add any set of bits. Perhaps a chmod-like syntax if it could be
implemented simply.
- Dave
On Tue, Mar 12, 2002 at 10:28:43PM +1100, Scott Howard wrote:
>
> The attached patch adds an option --drop-suid which causes rsync to drop
> setuid/setgid permissions from the destination files.
>
> i.e., even if the source file is setuid, the target file will not be.
>
> Added as we want to rsync the same files to machines both inside and outside
> our firewalls. For machines inside the firewall some files should be suid,
> for machines outside the firewalls they should not be. This option allows
> us to maintain one source tree and set if the target will be suid or not
> using this option.
>
> Patch also available at http://www.docbert.org/outgoing/rsync-dropsuid.patch
>
> Scott.
>
> diff -r --unified rsync-2.5.4pre1-orig/flist.c rsync-2.5.4pre1/flist.c
> --- rsync-2.5.4pre1-orig/flist.c Thu Feb 14 05:30:27 2002
> +++ rsync-2.5.4pre1/flist.c Tue Mar 12 21:57:27 2002
> @@ -36,7 +36,9 @@
> extern int verbose;
> extern int do_progress;
> extern int am_server;
> +extern int am_sender;
> extern int always_checksum;
> +extern int drop_suid;
>
> extern int cvs_exclude;
>
> @@ -714,6 +716,10 @@
> #ifdef HAVE_STRUCT_STAT_ST_RDEV
> file->rdev = st.st_rdev;
> #endif
> +
> + if (am_sender && drop_suid && S_ISREG(st.st_mode)) {
> + file->mode &= ~(S_ISUID | S_ISGID);
> + }
>
> #if SUPPORT_LINKS
> if (S_ISLNK(st.st_mode)) {
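Review bot: The `am_sender` condition in the added `if` makes this a sender-side filter only, so a receiver outside the firewall gets setuid/setgid-free files only when the sending process was given the option and honours it. For the stated use case it would be more robust to also mask `S_ISUID | S_ISGID` on the receiving side before the mode is applied, so that the destination does not depend on the sender. The `S_ISREG(st.st_mode)` test also leaves the setgid bit on directories in place; if that is intentional, a short comment here should say so.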
> diff -r --unified rsync-2.5.4pre1-orig/options.c rsync-2.5.4pre1/options.c
> --- rsync-2.5.4pre1-orig/options.c Thu Feb 28 09:49:57 2002
> +++ rsync-2.5.4pre1/options.c Tue Mar 12 22:01:45 2002
> @@ -31,6 +31,7 @@
> int preserve_uid = 0;
> int preserve_gid = 0;
> int preserve_times = 0;
> +int drop_suid = 0;
> int update_only = 0;
> int cvs_exclude = 0;
> int dry_run=0;
> @@ -199,6 +200,7 @@
> rprintf(F," -g, --group preserve group\n");
> rprintf(F," -D, --devices preserve devices (root only)\n");
> rprintf(F," -t, --times preserve times\n");
> + rprintf(F," --drop-suid remove setuid/setgid permissions from destination\n");
> rprintf(F," -S, --sparse handle sparse files efficiently\n");
> rprintf(F," -n, --dry-run show what would have been transferred\n");
> rprintf(F," -W, --whole-file copy whole files, no incremental checks\n");
> @@ -304,6 +306,7 @@
> {"perms", 'p', POPT_ARG_NONE, &preserve_perms},
> {"owner", 'o', POPT_ARG_NONE, &preserve_uid},
> {"group", 'g', POPT_ARG_NONE, &preserve_gid},
> + {"drop-suid", 0, POPT_ARG_NONE, &drop_suid},
> {"devices", 'D', POPT_ARG_NONE, &preserve_devices},
> {"times", 't', POPT_ARG_NONE, &preserve_times},
> {"checksum", 'c', POPT_ARG_NONE, &always_checksum},
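Review bot: The new `drop-suid` table entry sets `drop_suid` only in the process that parses this command line, and none of the three options.c hunks shown passes the option on to the remote rsync. Because flist.c clears the bits only when `am_sender` is set, a pull from a remote sender would run with `drop_suid` still 0 on that side and the bits would arrive intact. Please either forward the option to the remote side or apply the mask on the receiver as well.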
> diff -r --unified rsync-2.5.4pre1-orig/rsync.yo rsync-2.5.4pre1/rsync.yo
> --- rsync-2.5.4pre1-orig/rsync.yo Thu Feb 7 08:20:49 2002
> +++ rsync-2.5.4pre1/rsync.yo Tue Mar 12 22:08:42 2002
> @@ -236,6 +236,7 @@
> -g, --group preserve group
> -D, --devices preserve devices (root only)
> -t, --times preserve times
> + --drop-suid remove setuid/setgid permissions from destination
> -S, --sparse handle sparse files efficiently
> -n, --dry-run show what would have been transferred
> -W, --whole-file copy whole files, no incremental checks
> @@ -440,6 +441,9 @@
> cause the next transfer to behave as if it used -I, and all files will have
> their checksums compared and show up in log messages even if they haven't
> changed.
> +
> +dit(bf(--drop-suid)) This option tells rsync to remove setuid and setgid
> +permissions from files on the destination.
>
> dit(bf(-n, --dry-run)) This tells rsync to not do any file transfers,
> instead it will just report the actions it would have taken.
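Review bot: The `--drop-suid` manual entry does not mention the limits that the flist.c change imposes. It should state that only regular files are affected (the `S_ISREG` test), so setgid directories are transferred unchanged, and that the bits are removed by the sending side (the `am_sender` test), not by the receiver. Without that, "from files on the destination" reads as a guarantee about the destination that the code does not enforce there.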