samba-bugs at samba.org
2018-Jan-20 13:43 UTC
[Bug 13239] New: "rsync --times" does not keep dirs' setgid bits when user not member of setgid group
https://bugzilla.samba.org/show_bug.cgi?id=13239
Bug ID: 13239
Summary: "rsync --times" does not keep dirs' setgid
bits when
user not member of setgid group
Product: rsync
Version: 3.1.2
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: core
Assignee: wayned at samba.org
Reporter: graud at gmx.com
QA Contact: rsync-qa at samba.org
When copying into a setgid dir, an extra option --times has the unwanted side
effect of making the newly created directories not have the setgid bit set
(and of creating files inside a newly created directory that do not belong to
the setgid group as expected); this happens only if the rsync user is not a
member of the setgid group.
In a shell one can set file times with touch(1) without losing the setgid bit
so rsync should be able to do so too (and if it does not document that).
Small shell script demonstrating the bug:
```log
$ mkdir ~/testdir && cd ~/testdir
$ mkdir -p src/subdir dest
$ touch src/file src/subdir/file
$ chmod 2750 dest
$ sudo chgrp games dest
$ groups |grep games || echo "$USER is not a member of games"
guest is not a member of games
$ ls -lR src
src:
total 4
-rw-r----- 1 guest guest 0 Jan 20 14:09 file
drwxr-x--- 2 guest guest 4096 Jan 20 14:09 subdir
src/subdir:
total 0
-rw-r----- 1 guest guest 0 Jan 20 14:09 file
$ groups |grep games || echo "guest is not a member of games"
guest is not a member of games
## Without --tiles, setgid bit and group set as expected
$ rsync -r src/ dest
$ ls -lR dest
dest:
total 4
-rw-r----- 1 guest games 0 Jan 20 14:16 file
drwxr-s--- 2 guest games 4096 Jan 20 14:16 subdir
dest/subdir:
total 0
-rw-r----- 1 guest games 0 Jan 20 14:16 file
$ rm -rf dest/*
## With --times, missing setgid bit and group inside subdir
$ rsync -rt src/ dest
$ ls -lR dest
dest:
total 4
-rw-r----- 1 guest games 0 Jan 20 14:09 file
drwxr-x--- 2 guest games 4096 Jan 20 14:09 subdir
dest/subdir:
total 0
-rw-r----- 1 guest guest 0 Jan 20 14:09 file
$ rm -rf dest/*
## With --times and --omit-dir-times, setgid bit and group set as expected
$ rsync -rtO src/ dest
$ ls -lR dest
dest:
total 4
-rw-r----- 1 guest games 0 Jan 20 14:09 file
drwxr-s--- 2 guest games 4096 Jan 20 14:20 subdir
dest/subdir:
total 0
-rw-r----- 1 guest games 0 Jan 20 14:09 file
$ rm -rf dest/*
```
The version is 3.1.2 from Debian stretch:
```log
$ rsync --version
rsync version 3.1.2 protocol version 31
Copyright (C) 1996-2015 by Andrew Tridgell, Wayne Davison, and others.
Web site: http://rsync.samba.org/
Capabilities:
64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints,
socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace,
append, ACLs, xattrs, iconv, symtimes, prealloc
rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. See the GNU
General Public Licence for details.
$ dpkg -l rsync
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture
Description
+++-=============================-===================-===================-==============================================================ii
rsync 3.1.2-1+deb9u1 amd64 fast,
versatile, remote (and local) file-copying tool
```
Regards,
--
GĂ©raud Meyer
--
You are receiving this mail because:
You are the QA Contact for the bug.
samba-bugs at samba.org
2018-Apr-04 11:27 UTC
[Bug 13239] "rsync --times" does not keep dirs' setgid bits when user not member of setgid group
https://bugzilla.samba.org/show_bug.cgi?id=13239
--- Comment #1 from Dave Gordon <dg32768 at zoho.eu> ---
Root cause here is that in some modes rsync will create a directory first, then
later go back and fix up its modes. This is necessary if (for example) the
final modes prevent writing by the owner, and convenient in some other cases,
in particular when preserving directory times. However, Linux will not allow a
user to set OR LEAVE SET the setgid bit if the user is not a member of the
group associated with the object, EVEN THOUGH it can implicitly create such a
thing. Thus:
$ mkdir setgid-dir
$ chmod g+s setgid-dir
$ sudo chgrp games setgid-dir # need root permission here!
$ touch setgid-dir/file
$ mkdir setgid-dir/subdir
$ ls -la setgid-dir/
total 12
drwxrwsr-x 3 guest games 4096 Apr 4 11:35 ./
drwxrwxr-x 6 guest guest 4096 Apr 4 11:34 ../
drwxrwsr-x 2 guest games 4096 Apr 4 11:35 subdir/
-rw-rw-r-- 1 guest games 0 Apr 4 11:35 file
$ # Note that subdir has been created setgid with gid=games even
$ # though user 'guest' could not set that combination explicitly
$ chmod o+w setgid-dir/*
$ ls -la setgid-dir/
total 12
drwxrwsr-x 3 guest games 4096 Apr 4 11:35 .
drwxrwxr-x 6 guest guest 4096 Apr 4 11:34 ..
drwxrwxrwx 2 guest games 4096 Apr 4 11:35 subdir/
-rw-rw-rw- 1 guest games 0 Apr 4 11:35 file
$ # Note that subdir is no longer setgid!
Arguably, this is a misfeature of the chmod(2) system call:
If the calling process is not privileged, and the group of the
file does not match the effective group ID of the process or
one of its supplementary group IDs, the S_ISGID bit will be
turned off, but this will not cause an error to be returned.
which is obviously sensible for (executable) files, but not necessarily for
directories, where setgid means something completely different.
Anyway, in the --omit-dir-times case rsync creates the directory with the
default modes (and the OS implicitly adds the setgid bit) and doesn't have
to
call chmod(2) later, whereas in the --times case the directory is created with
modes 0700 (to which the OS adds the setgid bit) and then later rsync calls
chmod("subdir", 02750)
which results in the setgid bit being cleared!
HTH,
.Dave.
--
You are receiving this mail because:
You are the QA Contact for the bug.