catalog Info Catalog previous coreutils: Operator Numeric Modes up coreutils: File permissions

coreutils: Directory Setuid and Setgid

 
 27.5 Directories and the Set-User-ID and Set-Group-ID Bits
 ==========================================================
 
 On most systems, if a directory’s set-group-ID bit is set, newly created
 subfiles inherit the same group as the directory, and newly created
 subdirectories inherit the set-group-ID bit of the parent directory.  On
 a few systems, a directory’s set-user-ID bit has a similar effect on the
 ownership of new subfiles and the set-user-ID bits of new
 subdirectories.  These mechanisms let users share files more easily, by
 lessening the need to use ‘chmod’ or ‘chown’ to share new files.
 
    These convenience mechanisms rely on the set-user-ID and set-group-ID
 bits of directories.  If commands like ‘chmod’ and ‘mkdir’ routinely
 cleared these bits on directories, the mechanisms would be less
 convenient and it would be harder to share files.  Therefore, a command
 like ‘chmod’ does not affect the set-user-ID or set-group-ID bits of a
 directory unless the user specifically mentions them in a symbolic mode,
 or uses an operator numeric mode such as ‘=755’, or sets them in a
 numeric mode, or clears them in a numeric mode that has five or more
 octal digits.  For example, on systems that support set-group-ID
 inheritance:
 
      # These commands leave the set-user-ID and
      # set-group-ID bits of the subdirectories alone,
      # so that they retain their default values.
      mkdir A B C
      chmod 755 A
      chmod 0755 B
      chmod u=rwx,go=rx C
      mkdir -m 755 D
      mkdir -m 0755 E
      mkdir -m u=rwx,go=rx F
 
    If you want to try to set these bits, you must mention them
 explicitly in the symbolic or numeric modes, e.g.:
 
      # These commands try to set the set-user-ID
      # and set-group-ID bits of the subdirectories.
      mkdir G
      chmod 6755 G
      chmod +6000 G
      chmod u=rwx,go=rx,a+s G
      mkdir -m 6755 H
      mkdir -m +6000 I
      mkdir -m u=rwx,go=rx,a+s J
 
    If you want to try to clear these bits, you must mention them
 explicitly in a symbolic mode, or use an operator numeric mode, or
 specify a numeric mode with five or more octal digits, e.g.:
 
      # These commands try to clear the set-user-ID
      # and set-group-ID bits of the directory D.
      chmod a-s D
      chmod -6000 D
      chmod =755 D
      chmod 00755 D
 
    This behavior is a GNU extension.  Portable scripts should not rely
 on requests to set or clear these bits on directories, as POSIX allows
 implementations to ignore these requests.  The GNU behavior with numeric
 modes of four or fewer digits is intended for scripts portable to
 systems that preserve these bits; the behavior with numeric modes of
 five or more digits is for scripts portable to systems that do not
 preserve the bits.
catalog Info Catalog previous coreutils: Operator Numeric Modes up coreutils: File permissions