mirror of https://github.com/mkerrisk/man-pages
set-(group|user)-ID fixes
This commit is contained in:
Michael Kerrisk
parent
357cf3fe97
commit
c7400a2caf
4
Changes
4
Changes
|
|
@ -23,6 +23,10 @@ The terms "set-user-ID" and "set-group-ID" are now used consistently
|
|||
Classical BSD versions are now always named x.yBSD (formerly
|
||||
there was a mix of x.yBSD and BSD x.y).
|
||||
|
||||
uid --> UID
|
||||
gid --> GID
|
||||
id --> ID
|
||||
|
||||
Typographical or grammatical errors have been corrected in several
|
||||
places.
|
||||
|
||||
|
|
|
|||
|
|
@ -70,8 +70,8 @@ general write permission.)
|
|||
.PP
|
||||
A numeric mode is from one to four octal digits (0-7), derived by
|
||||
adding up the bits with values 4, 2, and 1. Any omitted digits are
|
||||
assumed to be leading zeros. The first digit selects the set user ID
|
||||
(4) and set group ID (2) and save text image [`sticky'] (1) attributes.
|
||||
assumed to be leading zeros. The first digit selects the set-user-ID
|
||||
(4) and set-group-ID (2) and save text image [`sticky'] (1) attributes.
|
||||
The second digit selects permissions for the user who owns the file: read
|
||||
(4), write (2), and execute (1); the third selects permissions for
|
||||
other users in the file's group, with the same values; and the fourth
|
||||
|
|
|
|||
|
|
@ -103,14 +103,14 @@ supplementary group IDs, the S_ISGID bit will be turned off,
|
|||
but this will not cause an error to be returned.
|
||||
|
||||
As a security measure, depending on the file system,
|
||||
the set user ID and set group ID execution bits
|
||||
the set-user-ID and set-group-ID execution bits
|
||||
may be turned off if a file is written.
|
||||
(On Linux this occurs if the writing process does not have the
|
||||
.B CAP_FSETID
|
||||
capability.)
|
||||
On some file systems, only the superuser can set the sticky bit,
|
||||
which may have a special meaning.
|
||||
For the sticky bit, and for set user ID and set group ID bits on
|
||||
For the sticky bit, and for set-user-ID and set-group-ID bits on
|
||||
directories, see
|
||||
.BR stat (2).
|
||||
|
||||
|
|
|
|||
|
|
@ -32,12 +32,12 @@ Other mode bits of the created directory depend on the operating system.
|
|||
For Linux, see below.
|
||||
|
||||
The newly created directory will be owned by the effective user ID of the
|
||||
process. If the directory containing the file has the set group ID
|
||||
process. If the directory containing the file has the set-group-ID
|
||||
bit set, or if the filesystem is mounted with BSD group semantics, the
|
||||
new directory will inherit the group ownership from its parent;
|
||||
otherwise it will be owned by the effective group ID of the process.
|
||||
|
||||
If the parent directory has the set group ID bit set then so will the
|
||||
If the parent directory has the set-group-ID bit set then so will the
|
||||
newly created directory.
|
||||
|
||||
.SH "RETURN VALUE"
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ If
|
|||
already exists, or is a symbolic link, this call fails with an EEXIST error.
|
||||
|
||||
The newly created node will be owned by the effective user ID of the
|
||||
process. If the directory containing the node has the set group ID
|
||||
process. If the directory containing the node has the set-group-ID
|
||||
bit set, or if the filesystem is mounted with BSD group semantics, the
|
||||
new node will inherit the group ownership from its parent directory;
|
||||
otherwise it will be owned by the effective group ID of the process.
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ process's dumpable flag.
|
|||
Set the state of the process's "keep capabilities" flag,
|
||||
which determines whether the process's effective and permitted
|
||||
capability sets are cleared when a change is made to the process's user IDs
|
||||
such that all of the process's real, effective, and saved set user IDs
|
||||
such that all of the process's real, effective, and saved set-user-IDs
|
||||
become non-zero when at least one of them previously had the value 0.
|
||||
(By default, these credential sets are cleared).
|
||||
.I arg2
|
||||
|
|
|
|||
|
|
@ -347,7 +347,7 @@ e000 S_IFWHT w% 160000 BSD whiteout (not used for inode)
|
|||
reserved (SVID-v2)
|
||||
On non-directories: don't cache this file (SunOS)
|
||||
On directories: restricted deletion flag (SVID-v4.2)
|
||||
0400 S_ISGID 002000 set group ID on execution (V7)
|
||||
0400 S_ISGID 002000 set-group-ID on execution (V7)
|
||||
for directories: use BSD semantics for propagation of GID
|
||||
0400 S_ENFMT 002000 SysV file locking enforcement (shared with S_ISGID)
|
||||
0800 S_ISUID 004000 set-user-ID on execution (V7)
|
||||
|
|
|
|||
|
|
@ -146,9 +146,9 @@ A process with effective user ID 0 is allowed to specify values that do
|
|||
not match its own.
|
||||
The sender must specify its own process ID (unless it has the capability
|
||||
.BR CAP_SYS_ADMIN ),
|
||||
its user ID, effective user ID or set user ID (unless it has
|
||||
its user ID, effective user ID, or saved set-user-ID (unless it has
|
||||
.BR CAP_SETUID ),
|
||||
and its group ID, effective group ID or set group ID (unless it has
|
||||
and its group ID, effective group ID, or saved set-group-ID (unless it has
|
||||
.BR CAP_SETGID ).
|
||||
To receive a
|
||||
.B struct ucred
|
||||
|
|
|
|||
Loading…
Reference in New Issue