The attached patch adds an option --drop-suid which caused rsync to drop
setuid/setgid permissions from the destination files.
ie, even if the source file is setuid, the target file will not be.
Added as we want to rsync the same files to machines both inside and outside
our firewalls. For machines inside the firewall some files should be suid,
for machines outside the firewalls they should not be. This option allows
us to maintain one source tree and set if the target will be suid or not
using this option.
Patch also available at http://www.docbert.org/outgoing/rsync-dropsuid.patch
Scott.
-------------- next part --------------
diff -r --unified rsync-2.5.4pre1-orig/flist.c rsync-2.5.4pre1/flist.c
--- rsync-2.5.4pre1-orig/flist.c Thu Feb 14 05:30:27 2002
+++ rsync-2.5.4pre1/flist.c Tue Mar 12 21:57:27 2002
@@ -36,7 +36,9 @@
extern int verbose;
extern int do_progress;
extern int am_server;
+extern int am_sender;
extern int always_checksum;
+extern int drop_suid;
extern int cvs_exclude;
@@ -714,6 +716,10 @@
#ifdef HAVE_STRUCT_STAT_ST_RDEV
file->rdev = st.st_rdev;
#endif
+
+ if (am_sender && drop_suid && S_ISREG(st.st_mode)) {
+ file->mode &= ~(S_ISUID | S_ISGID);
+ }
#if SUPPORT_LINKS
if (S_ISLNK(st.st_mode)) {
diff -r --unified rsync-2.5.4pre1-orig/options.c rsync-2.5.4pre1/options.c
--- rsync-2.5.4pre1-orig/options.c Thu Feb 28 09:49:57 2002
+++ rsync-2.5.4pre1/options.c Tue Mar 12 22:01:45 2002
@@ -31,6 +31,7 @@
int preserve_uid = 0;
int preserve_gid = 0;
int preserve_times = 0;
+int drop_suid = 0;
int update_only = 0;
int cvs_exclude = 0;
int dry_run=0;
@@ -199,6 +200,7 @@
rprintf(F," -g, --group preserve group\n");
rprintf(F," -D, --devices preserve devices (root
only)\n");
rprintf(F," -t, --times preserve times\n");
+ rprintf(F," --drop-suid remove setuid/setgid permissions
from destination\n");
rprintf(F," -S, --sparse handle sparse files
efficiently\n");
rprintf(F," -n, --dry-run show what would have been
transferred\n");
rprintf(F," -W, --whole-file copy whole files, no incremental
checks\n");
@@ -304,6 +306,7 @@
{"perms", 'p', POPT_ARG_NONE,
&preserve_perms},
{"owner", 'o', POPT_ARG_NONE,
&preserve_uid},
{"group", 'g', POPT_ARG_NONE,
&preserve_gid},
+ {"drop-suid", 0, POPT_ARG_NONE, &drop_suid},
{"devices", 'D', POPT_ARG_NONE,
&preserve_devices},
{"times", 't', POPT_ARG_NONE,
&preserve_times},
{"checksum", 'c', POPT_ARG_NONE,
&always_checksum},
diff -r --unified rsync-2.5.4pre1-orig/rsync.yo rsync-2.5.4pre1/rsync.yo
--- rsync-2.5.4pre1-orig/rsync.yo Thu Feb 7 08:20:49 2002
+++ rsync-2.5.4pre1/rsync.yo Tue Mar 12 22:08:42 2002
@@ -236,6 +236,7 @@
-g, --group preserve group
-D, --devices preserve devices (root only)
-t, --times preserve times
+ --drop-suid remove setuid/setgid permissions from destination
-S, --sparse handle sparse files efficiently
-n, --dry-run show what would have been transferred
-W, --whole-file copy whole files, no incremental checks
@@ -440,6 +441,9 @@
cause the next transfer to behave as if it used -I, and all files will have
their checksums compared and show up in log messages even if they haven't
changed.
+
+dit(bf(--drop-suid)) This option tells rsync to remove setuid and setgid
+permissions from files on the destination.
dit(bf(-n, --dry-run)) This tells rsync to not do any file transfers,
instead it will just report the actions it would have taken.
If we would add an option to do that functionality, I would vote for one that was more general which could mask off any set of permission bits and possibly add any set of bits. Perhaps a chmod-like syntax if it could be implemented simply. - Dave On Tue, Mar 12, 2002 at 10:28:43PM +1100, Scott Howard wrote:> > The attached patch adds an option --drop-suid which caused rsync to drop > setuid/setgid permissions from the destination files. > > ie, even if the source file is setuid, the target file will not be. > > Added as we want to rsync the same files to machines both inside and outside > our firewalls. For machines inside the firewall some files should be suid, > for machines outside the firewalls they should not be. This option allows > us to maintain one source tree and set if the target will be suid or not > using this option. > > Patch also available at http://www.docbert.org/outgoing/rsync-dropsuid.patch > > Scott. >> diff -r --unified rsync-2.5.4pre1-orig/flist.c rsync-2.5.4pre1/flist.c > --- rsync-2.5.4pre1-orig/flist.c Thu Feb 14 05:30:27 2002 > +++ rsync-2.5.4pre1/flist.c Tue Mar 12 21:57:27 2002 > @@ -36,7 +36,9 @@ > extern int verbose; > extern int do_progress; > extern int am_server; > +extern int am_sender; > extern int always_checksum; > +extern int drop_suid; > > extern int cvs_exclude; > > @@ -714,6 +716,10 @@ > #ifdef HAVE_STRUCT_STAT_ST_RDEV > file->rdev = st.st_rdev; > #endif > + > + if (am_sender && drop_suid && S_ISREG(st.st_mode)) { > + file->mode &= ~(S_ISUID | S_ISGID); > + } > > #if SUPPORT_LINKS > if (S_ISLNK(st.st_mode)) { > diff -r --unified rsync-2.5.4pre1-orig/options.c rsync-2.5.4pre1/options.c > --- rsync-2.5.4pre1-orig/options.c Thu Feb 28 09:49:57 2002 > +++ rsync-2.5.4pre1/options.c Tue Mar 12 22:01:45 2002 > @@ -31,6 +31,7 @@ > int preserve_uid = 0; > int preserve_gid = 0; > int preserve_times = 0; > +int drop_suid = 0; > int update_only = 0; > int cvs_exclude = 0; > int dry_run=0; > @@ -199,6 +200,7 @@ > rprintf(F," -g, --group preserve group\n"); > rprintf(F," -D, --devices preserve devices (root only)\n"); > rprintf(F," -t, --times preserve times\n"); > + rprintf(F," --drop-suid remove setuid/setgid permissions from destination\n"); > rprintf(F," -S, --sparse handle sparse files efficiently\n"); > rprintf(F," -n, --dry-run show what would have been transferred\n"); > rprintf(F," -W, --whole-file copy whole files, no incremental checks\n"); > @@ -304,6 +306,7 @@ > {"perms", 'p', POPT_ARG_NONE, &preserve_perms}, > {"owner", 'o', POPT_ARG_NONE, &preserve_uid}, > {"group", 'g', POPT_ARG_NONE, &preserve_gid}, > + {"drop-suid", 0, POPT_ARG_NONE, &drop_suid}, > {"devices", 'D', POPT_ARG_NONE, &preserve_devices}, > {"times", 't', POPT_ARG_NONE, &preserve_times}, > {"checksum", 'c', POPT_ARG_NONE, &always_checksum}, > diff -r --unified rsync-2.5.4pre1-orig/rsync.yo rsync-2.5.4pre1/rsync.yo > --- rsync-2.5.4pre1-orig/rsync.yo Thu Feb 7 08:20:49 2002 > +++ rsync-2.5.4pre1/rsync.yo Tue Mar 12 22:08:42 2002 > @@ -236,6 +236,7 @@ > -g, --group preserve group > -D, --devices preserve devices (root only) > -t, --times preserve times > + --drop-suid remove setuid/setgid permissions from destination > -S, --sparse handle sparse files efficiently > -n, --dry-run show what would have been transferred > -W, --whole-file copy whole files, no incremental checks > @@ -440,6 +441,9 @@ > cause the next transfer to behave as if it used -I, and all files will have > their checksums compared and show up in log messages even if they haven't > changed. > + > +dit(bf(--drop-suid)) This option tells rsync to remove setuid and setgid > +permissions from files on the destination. > > dit(bf(-n, --dry-run)) This tells rsync to not do any file transfers, > instead it will just report the actions it would have taken.
On 12 Mar 2002, Dave Dykstra <dwd@bell-labs.com> wrote:> If we would add an option to do that functionality, I would vote for one > that was more general which could mask off any set of permission bits and > possibly add any set of bits. Perhaps a chmod-like syntax if it could be > implemented simply.I think that would be good too. For example, people uploading files to a web server might like to say rsync -avzP --chmod a+rX ./ sourcefrog.net:/home/www/sourcefrog/ Ideally the patch would implement as many of the gnu chmod semantics as possible. I think the mode parser should be a separate function that passes back something like (mask,set) description to the rest of the program. For bonus points there would be a test case for the parser. -- Martin