Jon_J._Brewster%Wayne-MTS@um.cc.umich.edu (12/31/88)
The setgid permission on directories under 4.0 controls the group ownership of files created within the directories. If the setgid bit is set, the created file inherits the group ownership of the containing directory. If it is not set, the file inherits the group ownership of the creating process. I.e., with the bit set, it works the way 3.X did... It's documented in the man page for chmod, as well as in the release notes.

[[ My thanks to others who have also pointed this out. This is fully explained in the 4.0 Change Notes, section 2.4 (I'm going to have to put a copy next to my Sun when I do Sun-Spots from now on). By the way, I understand that the default semantics (those used without the set group-id bit on) are SVID semantics. To remove a set-gid bit with chmod, one cannot merely "chmod 700". One must use "chmod g-s". --wnl ]]

guy@uunet.uu.net (Guy Harris) (01/13/89)
>If the setgid bit is set, the created file inherits the group ownership
>of the containing directory. If it is not set, the file inherits the
>group ownership of the creating process.

Unless you've mounted the file system with the "grpid" option, which you may want to do when mounting "old" file systems after upgrading to 4.0 (unless you really want to run a big "find" and change the modes of all the directories).

>By the way, I understand that the default semantics (those used without
>the set group-id bit on) are SVID semantics.

They are; they're also the semantics of V6, V7, 4.1BSD, etc.

[[ Only because a process could only be in one group at a time (well, two if you count real and effective separately). --wnl ]]

>To remove a set-gid bit with chmod, one cannot merely "chmod 700".
>One must use "chmod g-s".

For files with mode, say, "rwsr-xr-x", you never could remove *just* the set-GID bit with "chmod 700"; "chmod g-s" is the right way to remove just the set-GID bit in every UNIX version since V7. (The symbolic modes were one of the nice improvements in V7; the only time I use numeric modes any more is when I want to set the mode to 0. The umask was another nice improvement; most of the "chmod"s I do are to turn some specific bits on or off, not to set the mode to some specific value.)

jackal@munsell.UUCP (Phil Hammar) (01/24/89)
In article <801@auspex.UUCP> auspex!guy@uunet.uu.net (Guy Harris) writes:
>X-Sun-Spots-Digest: Volume 7, Issue 98, message 8 of 13
>
>For files with mode, say, "rwsr-xr-x", you never could remove *just* the
>set-GID bit with "chmod 700"; "chmod g-s" is the right way to remove just
>the set-GID bit in every UNIX version since V7.

Alternatively, one could remove the {set-{UID,GID},sticky} bit with "chmod 0755" if one liked numbers better than letters. (This works under SunOS 3.4.)

Phil Hammar
Sys Admin for AES, a division of EPPS, a wholly owned subsidiary of Kodak Co
...!{harvard!adelie,bu-cs!encore}!munsell!jackal

[[ Yes but things changed under 4.0. Near as I can tell via experimentation, "chmod" now treats directories as a special case. The only way to turn off the setgid bit on a directory is via "chmod g-s ...". I tried "chmod 0755" and it got the sticky bit but not the setgid bit, although it works as expected for a plain file. --wnl ]]

ahl@uunet.uu.net (Tony Landells) (02/01/89)
Moderator's annotation:
> ...Near as I can tell via experimentation, "chmod" now treats
> directories as a special case. The only way to turn off the setgid
> bit on a directory is via "chmod g-s ...".

The current behaviour is documented in the manuals. In the SunOS 4.0 Change Notes, section 2.4 (General Software Changes), it describes the new semantics (under the margin label "Group ID for Newly-Created Files"), and suggests some options for either bringing your system into line or having a filesystem use the old semantics.

As for the behaviour of chmod, chmod(1) says under numerical modes

    2000 Set group ID on execution (this bit is ignored if the file is a directory; it may be set or cleared only using symbolic mode).

Then there's the User's Guide in the Security Features Guide, which has a little section on "Directories and Set Group ID" ...

This is the only documentation I can spot immediately, but I'm sure there was something elsewhere which commented on the need to use symbolic modes to affect directories - it's just a matter of looking for it.

[[ I found the parenthetical comment in the chmod manual page a few days after I made that comment. You have to admit, it is pretty well hidden in that manual page. When I initially scanned the manual page, I didn't see it. --wnl ]]
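
The "big find" over directory modes mentioned in this thread, written out as an added example that is not part of any post: it lists the directories under a tree that lack the set-GID bit, sets or clears the bit with symbolic modes only, and probes which group a newly created file actually receives. The function names and the probe file name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# List directories under $1 that do NOT have the set-GID bit (mode 2000).
# Per the semantics described in the thread, files created in these
# directories take the creating process's group, not the directory's.
audit_setgid_dirs() {
    find "$1" -type d ! -perm -2000 -print
}

# Turn the bit on for every directory under $1 that lacks it. Symbolic
# mode is used because the chmod(1) text quoted in the thread says the
# bit on a directory may be set or cleared only that way.
fix_setgid_dirs() {
    find "$1" -type d ! -perm -2000 -exec chmod g+s {} +
}

# Turn the bit off again, leaving every other mode bit untouched.
clear_setgid_dirs() {
    find "$1" -type d -perm -2000 -exec chmod g-s {} +
}

# Numeric group ID that owns directory $1.
dir_gid() {
    ls -ldn "$1" | awk '{print $4}'
}

# Create a throwaway file in directory $1, print the numeric group ID
# it was given, then delete it. Compare with dir_gid and "id -g" to see
# which of the two semantics applies to that directory.
probe_new_file_gid() {
    probe="$1/.grp_probe.$$"
    : > "$probe" || return 1
    ls -ln "$probe" | awk '{print $4}'
    rm -f "$probe"
}

# Stand-alone use: sh script.sh /some/tree  (audit only, changes nothing)
if [ "$#" -gt 0 ]; then
    audit_setgid_dirs "$1"
fi
```

Setting the bit only sticks when the caller owns the directory and belongs to its group (or is root).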