
I've set the SUID & SGID bit on a folder belonging to user foo with `sudo chmod g+s myfolder` & `sudo chmod u+s myfolder`

```
drwsr-sr-x 24 foo www-data 4,0K Okt 25 16:17 myfolder
```

Then I went inside and created a folder with `sudo mkdir xyz`, but the user of the folder gets overwritten with root while the group was protected successfully.

```
drwxr-sr-x  2 root  www-data 4,0K Okt 25 16:24 xyz
```

I expect the user to be protected; it should stay at foo after executing `sudo mkdir xyz`. What have I missed?

Black
  • is setuid supposed to work to override the owner of the created file in some system? – ilkkachu Oct 25 '22 at 14:53
  • Does this answer your question? [Setting default username and group for files in directory](https://unix.stackexchange.com/questions/99079/setting-default-username-and-group-for-files-in-directory) – roaima Oct 25 '22 at 15:19

2 Answers

  • `xyz`: This doesn't look like a problem because you used `sudo`, which of course should be root instead of foo, and you set `chmod g+s myfolder` so it's www-data.
  • `sudo` is only used when needed, not for every command; you can try `mkdir xyz`.

If you are user foo then without the SUID/SGID bits the permissions will work exactly as you seem to want:

```
ls -ld myfolder myfolder/xyz
drwxr-xr-x 3 foo www-data 4096 Oct 25 16:00 myfolder
drwxr-xr-x 2 foo www-data 4096 Oct 25 16:00 myfolder/xyz/
```

SUID doesn't apply to directories, so the directory will be created with you as the owner. With SGID the group carries through, even if the creator/owner is not a member of that group.

However, if ACLs are available on the target filesystem you can use them to allow user foo and/or members of group www-data access to the directories regardless of the visible owner and group.

roaima
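The behaviour discussed in this thread can be checked without root. The script below is an added example, not part of any post: it assumes Linux, and `describe` and `demo` are hypothetical helper names. It sets both bits on a constructed `myfolder` in a temp directory, creates `xyz` inside it, and reports owner, group and special bits for each.

```shell
#!/bin/sh
# Added example (not from the thread): what u+s and g+s on a directory do to a
# child created inside it. Runs in a constructed temp directory, no root needed.

# Print "<uid> <gid> <suid|-> <sgid|->" for a path, parsed from `ls -ldn`.
describe() {
    ls -ldn "$1" | awk '{
        su = (substr($1, 4, 1) ~ /[sS]/) ? "suid" : "-"
        sg = (substr($1, 7, 1) ~ /[sS]/) ? "sgid" : "-"
        print $3, $4, su, sg
    }'
}

# Build myfolder (names taken from the question), create xyz in it, report both.
demo() {
    base=$(mktemp -d) || return 1
    parent=$base/myfolder
    mkdir "$parent" || return 1
    # If the caller has a supplementary group, use it so inheritance is visible.
    alt=$(id -G | tr ' ' '\n' | grep -vx "$(id -g)" | head -n 1)
    if [ -n "$alt" ]; then
        chgrp "$alt" "$parent" 2>/dev/null || true
    fi
    chmod u+s,g+s "$parent" || return 1
    mkdir "$parent/xyz" || return 1
    echo "parent $(describe "$parent")"
    echo "child $(describe "$parent/xyz")"
    rm -rf "$base"
}

demo
```

The child line shows the creating process's uid, the parent's gid, and `sgid` without `suid`: the setgid bit and group propagate to new subdirectories, while the setuid bit on the parent has no effect on the child's owner.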