[Bug 13239] "rsync --times" does not keep dirs' setgid bits when user not member of setgid group

samba-bugs at samba.org samba-bugs at samba.org
Wed Apr 4 11:27:38 UTC 2018 

https://bugzilla.samba.org/show_bug.cgi?id=13239

--- Comment #1 from Dave Gordon <dg32768 at zoho.eu> ---
Root cause here is that in some modes rsync will create a directory first, then
later go back and fix up its modes. This is necessary if (for example) the
final modes prevent writing by the owner, and convenient in some other cases,
in particular when preserving directory times. However, Linux will not allow a
user to set OR LEAVE SET the setgid bit if the user is not a member of the
group associated with the object, EVEN THOUGH it can implicitly create such a
thing. Thus:

$ mkdir setgid-dir
$ chmod g+s setgid-dir
$ sudo chgrp games setgid-dir # need root permission here!
$ touch setgid-dir/file
$ mkdir setgid-dir/subdir
$ ls -la setgid-dir/
total 12
drwxrwsr-x 3 guest games 4096 Apr  4 11:35 ./
drwxrwxr-x 6 guest guest 4096 Apr  4 11:34 ../
drwxrwsr-x 2 guest games 4096 Apr  4 11:35 subdir/
-rw-rw-r-- 1 guest games    0 Apr  4 11:35 file
$ # Note that subdir has been created setgid with gid=games even
$ # though user 'guest' could not set that combination explicitly
$ chmod o+w setgid-dir/*
$ ls -la setgid-dir/
total 12
drwxrwsr-x 3 guest games 4096 Apr  4 11:35 .
drwxrwxr-x 6 guest guest 4096 Apr  4 11:34 ..
drwxrwxrwx 2 guest games 4096 Apr  4 11:35 subdir/
-rw-rw-rw- 1 guest games    0 Apr  4 11:35 file
$ # Note that subdir is no longer setgid!

Arguably, this is a misfeature of the chmod(2) system call:

    If the calling process is not privileged, and the group of the
    file does not match the effective group ID of the process or
    one of its supplementary group IDs, the S_ISGID bit will be
    turned off, but this will not cause an error to be returned.

which is obviously sensible for (executable) files, but not necessarily for
directories, where setgid means something completely different.

Anyway, in the --omit-dir-times case rsync creates the directory with the
default modes (and the OS implicitly adds the setgid bit) and doesn't have to
call chmod(2) later, whereas in the --times case the directory is created with
modes 0700 (to which the OS adds the setgid bit) and then later rsync calls
  chmod("subdir", 02750)
which results in the setgid bit being cleared!

HTH,
.Dave.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

More information about the rsync mailing list