Permissions remain 2700 after `chmod 0700`

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
6
down vote

favorite
1












Example:



# show starting permissions
% stat -c '%04a' ~/testdir
0700

# change permissions to 2700
% chmod 2700 ~/testdir

# check
% stat -c '%04a' ~/testdir
2700

# so far so good...

# now, change permissions back to 0700
% chmod 0700 ~/testdir

# check
% stat -c '%04a' ~/testdir
2700

# huh???

# try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700


Bug or feature?



Why does chmod 0700 ~/testdir fail to change the permissions from 2700 to 0700?



I've observed the same behavior in several different filesystems. E.g., in the latest one, the relevant line of mount's output is



/dev/sda5 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)


Also, FWIW



% stat -c '%04a' ~/
0755



permissions chmod




share|improve this question




















  • Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
    – Raman Sailopal
    Nov 9 '17 at 15:49










  • @RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
    – kjo
    Nov 9 '17 at 16:02














up vote
6
down vote

favorite
1












Example:



# show starting permissions
% stat -c '%04a' ~/testdir
0700

# change permissions to 2700
% chmod 2700 ~/testdir

# check
% stat -c '%04a' ~/testdir
2700

# so far so good...

# now, change permissions back to 0700
% chmod 0700 ~/testdir

# check
% stat -c '%04a' ~/testdir
2700

# huh???

# try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700


Bug or feature?



Why does chmod 0700 ~/testdir fail to change the permissions from 2700 to 0700?



I've observed the same behavior in several different filesystems. E.g., in the latest one, the relevant line of mount's output is



/dev/sda5 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)


Also, FWIW



% stat -c '%04a' ~/
0755



permissions chmod




share|improve this question




















  • Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
    – Raman Sailopal
    Nov 9 '17 at 15:49










  • @RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
    – kjo
    Nov 9 '17 at 16:02












up vote
6
down vote

favorite
1









up vote
6
down vote

favorite
1






1





Example:



# show starting permissions
% stat -c '%04a' ~/testdir
0700

# change permissions to 2700
% chmod 2700 ~/testdir

# check
% stat -c '%04a' ~/testdir
2700

# so far so good...

# now, change permissions back to 0700
% chmod 0700 ~/testdir

# check
% stat -c '%04a' ~/testdir
2700

# huh???

# try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700


Bug or feature?



Why does chmod 0700 ~/testdir fail to change the permissions from 2700 to 0700?



I've observed the same behavior in several different filesystems. E.g., in the latest one, the relevant line of mount's output is



/dev/sda5 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)


Also, FWIW



% stat -c '%04a' ~/
0755



permissions chmod




share|improve this question












Example:



# show starting permissions
% stat -c '%04a' ~/testdir
0700

# change permissions to 2700
% chmod 2700 ~/testdir

# check
% stat -c '%04a' ~/testdir
2700

# so far so good...

# now, change permissions back to 0700
% chmod 0700 ~/testdir

# check
% stat -c '%04a' ~/testdir
2700

# huh???

# try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700


Bug or feature?



Why does chmod 0700 ~/testdir fail to change the permissions from 2700 to 0700?



I've observed the same behavior in several different filesystems. E.g., in the latest one, the relevant line of mount's output is



/dev/sda5 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)


Also, FWIW



% stat -c '%04a' ~/
0755




permissions chmod





share|improve this question











share|improve this question




share|improve this question










asked Nov 9 '17 at 15:44









kjo

3,85873458




3,85873458











  • Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
    – Raman Sailopal
    Nov 9 '17 at 15:49










  • @RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
    – kjo
    Nov 9 '17 at 16:02
















  • Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
    – Raman Sailopal
    Nov 9 '17 at 15:49










  • @RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
    – kjo
    Nov 9 '17 at 16:02















Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
– Raman Sailopal
Nov 9 '17 at 15:49




Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
– Raman Sailopal
Nov 9 '17 at 15:49












@RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
– kjo
Nov 9 '17 at 16:02




@RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
– kjo
Nov 9 '17 at 16:02










3 Answers
3






active

oldest

votes

















up vote
20
down vote



accepted










Assuming you’re using GNU chmod, this is documented in the manpage:




chmod preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.
You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the
bits with a numeric mode.




This is allowed in POSIX:




For each bit set in the octal number, the corresponding file permission bit shown in the following table shall be set; all other file permission bits shall be cleared. For regular files, for each bit set in the octal number corresponding to the set-user-ID-on-execution or the set-group-ID-on-execution, bits shown in the following table shall be set; if these bits are not set in the octal number, they are cleared. For other file types, it is implementation-defined whether or not requests to set or clear the set-user-ID-on-execution or set-group-ID-on-execution bits are honored.




The reasoning for the behaviour in GNU chmod is given in the release notes for coreutils 6.0:




chmod, install, and mkdir now preserve a directory's set-user-ID and
set-group-ID bits unless you explicitly request otherwise. E.g.,
chmod 755 DIR and chmod u=rwx,go=rx DIR now preserve DIR's
set-user-ID and set-group-ID bits instead of clearing them, and
similarly for mkdir -m 755 DIR and mkdir -m u=rwx,go=rx DIR. To
clear the bits, mention them explicitly in a symbolic mode, e.g.,
mkdir -m u=rwx,go=rx,-s DIR. To set them, mention them explicitly
in either a symbolic or a numeric mode, e.g., mkdir -m 2755 DIR,
mkdir -m u=rwx,go=rx,g+s DIR. This change is for convenience on
systems where these bits inherit from parents. Unfortunately other
operating systems are not consistent here, and portable scripts
cannot assume the bits are set, cleared, or preserved, even when the
bits are explicitly mentioned. For example, OpenBSD 3.9 mkdir -m 777 D preserves D's setgid bit but chmod 777 D clears it.
Conversely, Solaris 10 mkdir -m 777 D, mkdir -m g-s D, and
chmod 0777 D all preserve D's setgid bit, and you must use
something like chmod g-s D to clear it.




There’s more on the topic in #8391, including the further rationale that the leading 0 is ambiguous (it could indicate either cleared bits, or an octal value, in the user’s mind). The coreutils manual also has a dedicated section, Directories and the Set-User-ID and Set-Group-ID Bits; this reveals that there are GNU extensions to allow clearing the bits in question:



chmod =700 ~/testdir
chmod 00700 ~/testdir


both clear the bits (but are non-portable).






share|improve this answer






















  • Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNU chmod has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
    – kjo
    Nov 9 '17 at 16:00







  • 1




    I tracked down the rationale, see my update.
    – Stephen Kitt
    Nov 9 '17 at 16:21










  • I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
    – Joshua
    Nov 9 '17 at 17:29






  • 1




    Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
    – Charles Duffy
    Nov 9 '17 at 20:59


















up vote
0
down vote













Try this:




chmod 000700 ~/testdir







share|improve this answer



























    up vote
    -2
    down vote














    show starting permissions



    % stat -c '%04a' ~/testdir
    0700




    ==> OK!



    change permissions to 2700



    % chmod 2700 ~/testdir



    ==> Note that you are setting Group ID!!!



    check



    % stat -c '%04a' ~/testdir
    2700



    ==> OK!



    so far so good...



    now, change permissions back to 0700



    % chmod 0700 ~/testdir



    ==> Again, pls note that you are remove the flag restricted deletion or sticky (not group id).



    check



    % stat -c '%04a' ~/testdir
    2700



    huh???



    try a different tack



    % chmod g-w ~/testdir
    % stat -c '%04a' ~/testdir
    0700



    ===========================================================
    Lastthing, you can use this command to get success:



    chmod 000700 ~/testdir





    share|improve this answer


















    • 1




      I don't think a five minute video is necessary or appropriate here
      – Darren H
      Nov 9 '17 at 21:31










    • Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
      – Tech. Pro
      Nov 10 '17 at 2:25










    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f403543%2fpermissions-remain-2700-after-chmod-0700%23new-answer', 'question_page');

    );

    Post as a guest

















    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    20
    down vote



    accepted










    Assuming you’re using GNU chmod, this is documented in the manpage:




    chmod preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.
    You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the
    bits with a numeric mode.




    This is allowed in POSIX:




    For each bit set in the octal number, the corresponding file permission bit shown in the following table shall be set; all other file permission bits shall be cleared. For regular files, for each bit set in the octal number corresponding to the set-user-ID-on-execution or the set-group-ID-on-execution, bits shown in the following table shall be set; if these bits are not set in the octal number, they are cleared. For other file types, it is implementation-defined whether or not requests to set or clear the set-user-ID-on-execution or set-group-ID-on-execution bits are honored.




    The reasoning for the behaviour in GNU chmod is given in the release notes for coreutils 6.0:




    chmod, install, and mkdir now preserve a directory's set-user-ID and
    set-group-ID bits unless you explicitly request otherwise. E.g.,
    chmod 755 DIR and chmod u=rwx,go=rx DIR now preserve DIR's
    set-user-ID and set-group-ID bits instead of clearing them, and
    similarly for mkdir -m 755 DIR and mkdir -m u=rwx,go=rx DIR. To
    clear the bits, mention them explicitly in a symbolic mode, e.g.,
    mkdir -m u=rwx,go=rx,-s DIR. To set them, mention them explicitly
    in either a symbolic or a numeric mode, e.g., mkdir -m 2755 DIR,
    mkdir -m u=rwx,go=rx,g+s DIR. This change is for convenience on
    systems where these bits inherit from parents. Unfortunately other
    operating systems are not consistent here, and portable scripts
    cannot assume the bits are set, cleared, or preserved, even when the
    bits are explicitly mentioned. For example, OpenBSD 3.9 mkdir -m 777 D preserves D's setgid bit but chmod 777 D clears it.
    Conversely, Solaris 10 mkdir -m 777 D, mkdir -m g-s D, and
    chmod 0777 D all preserve D's setgid bit, and you must use
    something like chmod g-s D to clear it.




    There’s more on the topic in #8391, including the further rationale that the leading 0 is ambiguous (it could indicate either cleared bits, or an octal value, in the user’s mind). The coreutils manual also has a dedicated section, Directories and the Set-User-ID and Set-Group-ID Bits; this reveals that there are GNU extensions to allow clearing the bits in question:



    chmod =700 ~/testdir
    chmod 00700 ~/testdir


    both clear the bits (but are non-portable).






    share|improve this answer






















    • Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNU chmod has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
      – kjo
      Nov 9 '17 at 16:00







    • 1




      I tracked down the rationale, see my update.
      – Stephen Kitt
      Nov 9 '17 at 16:21










    • I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
      – Joshua
      Nov 9 '17 at 17:29






    • 1




      Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
      – Charles Duffy
      Nov 9 '17 at 20:59















    up vote
    20
    down vote



    accepted










    Assuming you’re using GNU chmod, this is documented in the manpage:




    chmod preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.
    You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the
    bits with a numeric mode.




    This is allowed in POSIX:




    For each bit set in the octal number, the corresponding file permission bit shown in the following table shall be set; all other file permission bits shall be cleared. For regular files, for each bit set in the octal number corresponding to the set-user-ID-on-execution or the set-group-ID-on-execution, bits shown in the following table shall be set; if these bits are not set in the octal number, they are cleared. For other file types, it is implementation-defined whether or not requests to set or clear the set-user-ID-on-execution or set-group-ID-on-execution bits are honored.




    The reasoning for the behaviour in GNU chmod is given in the release notes for coreutils 6.0:




    chmod, install, and mkdir now preserve a directory's set-user-ID and
    set-group-ID bits unless you explicitly request otherwise. E.g.,
    chmod 755 DIR and chmod u=rwx,go=rx DIR now preserve DIR's
    set-user-ID and set-group-ID bits instead of clearing them, and
    similarly for mkdir -m 755 DIR and mkdir -m u=rwx,go=rx DIR. To
    clear the bits, mention them explicitly in a symbolic mode, e.g.,
    mkdir -m u=rwx,go=rx,-s DIR. To set them, mention them explicitly
    in either a symbolic or a numeric mode, e.g., mkdir -m 2755 DIR,
    mkdir -m u=rwx,go=rx,g+s DIR. This change is for convenience on
    systems where these bits inherit from parents. Unfortunately other
    operating systems are not consistent here, and portable scripts
    cannot assume the bits are set, cleared, or preserved, even when the
    bits are explicitly mentioned. For example, OpenBSD 3.9 mkdir -m 777 D preserves D's setgid bit but chmod 777 D clears it.
    Conversely, Solaris 10 mkdir -m 777 D, mkdir -m g-s D, and
    chmod 0777 D all preserve D's setgid bit, and you must use
    something like chmod g-s D to clear it.




    There’s more on the topic in #8391, including the further rationale that the leading 0 is ambiguous (it could indicate either cleared bits, or an octal value, in the user’s mind). The coreutils manual also has a dedicated section, Directories and the Set-User-ID and Set-Group-ID Bits; this reveals that there are GNU extensions to allow clearing the bits in question:



    chmod =700 ~/testdir
    chmod 00700 ~/testdir


    both clear the bits (but are non-portable).






    share|improve this answer






















    • Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNU chmod has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
      – kjo
      Nov 9 '17 at 16:00







    • 1




      I tracked down the rationale, see my update.
      – Stephen Kitt
      Nov 9 '17 at 16:21










    • I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
      – Joshua
      Nov 9 '17 at 17:29






    • 1




      Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
      – Charles Duffy
      Nov 9 '17 at 20:59













    up vote
    20
    down vote



    accepted







    up vote
    20
    down vote



    accepted






    Assuming you’re using GNU chmod, this is documented in the manpage:




    chmod preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.
    You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the
    bits with a numeric mode.




    This is allowed in POSIX:




    For each bit set in the octal number, the corresponding file permission bit shown in the following table shall be set; all other file permission bits shall be cleared. For regular files, for each bit set in the octal number corresponding to the set-user-ID-on-execution or the set-group-ID-on-execution, bits shown in the following table shall be set; if these bits are not set in the octal number, they are cleared. For other file types, it is implementation-defined whether or not requests to set or clear the set-user-ID-on-execution or set-group-ID-on-execution bits are honored.




    The reasoning for the behaviour in GNU chmod is given in the release notes for coreutils 6.0:




    chmod, install, and mkdir now preserve a directory's set-user-ID and
    set-group-ID bits unless you explicitly request otherwise. E.g.,
    chmod 755 DIR and chmod u=rwx,go=rx DIR now preserve DIR's
    set-user-ID and set-group-ID bits instead of clearing them, and
    similarly for mkdir -m 755 DIR and mkdir -m u=rwx,go=rx DIR. To
    clear the bits, mention them explicitly in a symbolic mode, e.g.,
    mkdir -m u=rwx,go=rx,-s DIR. To set them, mention them explicitly
    in either a symbolic or a numeric mode, e.g., mkdir -m 2755 DIR,
    mkdir -m u=rwx,go=rx,g+s DIR. This change is for convenience on
    systems where these bits inherit from parents. Unfortunately other
    operating systems are not consistent here, and portable scripts
    cannot assume the bits are set, cleared, or preserved, even when the
    bits are explicitly mentioned. For example, OpenBSD 3.9 mkdir -m 777 D preserves D's setgid bit but chmod 777 D clears it.
    Conversely, Solaris 10 mkdir -m 777 D, mkdir -m g-s D, and
    chmod 0777 D all preserve D's setgid bit, and you must use
    something like chmod g-s D to clear it.




    There’s more on the topic in #8391, including the further rationale that the leading 0 is ambiguous (it could indicate either cleared bits, or an octal value, in the user’s mind). The coreutils manual also has a dedicated section, Directories and the Set-User-ID and Set-Group-ID Bits; this reveals that there are GNU extensions to allow clearing the bits in question:



    chmod =700 ~/testdir
    chmod 00700 ~/testdir


    both clear the bits (but are non-portable).






    share|improve this answer














    Assuming you’re using GNU chmod, this is documented in the manpage:




    chmod preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.
    You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the
    bits with a numeric mode.




    This is allowed in POSIX:




    For each bit set in the octal number, the corresponding file permission bit shown in the following table shall be set; all other file permission bits shall be cleared. For regular files, for each bit set in the octal number corresponding to the set-user-ID-on-execution or the set-group-ID-on-execution, bits shown in the following table shall be set; if these bits are not set in the octal number, they are cleared. For other file types, it is implementation-defined whether or not requests to set or clear the set-user-ID-on-execution or set-group-ID-on-execution bits are honored.




    The reasoning for the behaviour in GNU chmod is given in the release notes for coreutils 6.0:




    chmod, install, and mkdir now preserve a directory's set-user-ID and
    set-group-ID bits unless you explicitly request otherwise. E.g.,
    chmod 755 DIR and chmod u=rwx,go=rx DIR now preserve DIR's
    set-user-ID and set-group-ID bits instead of clearing them, and
    similarly for mkdir -m 755 DIR and mkdir -m u=rwx,go=rx DIR. To
    clear the bits, mention them explicitly in a symbolic mode, e.g.,
    mkdir -m u=rwx,go=rx,-s DIR. To set them, mention them explicitly
    in either a symbolic or a numeric mode, e.g., mkdir -m 2755 DIR,
    mkdir -m u=rwx,go=rx,g+s DIR. This change is for convenience on
    systems where these bits inherit from parents. Unfortunately other
    operating systems are not consistent here, and portable scripts
    cannot assume the bits are set, cleared, or preserved, even when the
    bits are explicitly mentioned. For example, OpenBSD 3.9 mkdir -m 777 D preserves D's setgid bit but chmod 777 D clears it.
    Conversely, Solaris 10 mkdir -m 777 D, mkdir -m g-s D, and
    chmod 0777 D all preserve D's setgid bit, and you must use
    something like chmod g-s D to clear it.




    There’s more on the topic in #8391, including the further rationale that the leading 0 is ambiguous (it could indicate either cleared bits, or an octal value, in the user’s mind). The coreutils manual also has a dedicated section, Directories and the Set-User-ID and Set-Group-ID Bits; this reveals that there are GNU extensions to allow clearing the bits in question:



    chmod =700 ~/testdir
    chmod 00700 ~/testdir


    both clear the bits (but are non-portable).







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Nov 9 '17 at 22:38

























    answered Nov 9 '17 at 15:50









    Stephen Kitt

    143k22312377




    143k22312377











    • Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNU chmod has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
      – kjo
      Nov 9 '17 at 16:00







    • 1




      I tracked down the rationale, see my update.
      – Stephen Kitt
      Nov 9 '17 at 16:21










    • I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
      – Joshua
      Nov 9 '17 at 17:29






    • 1




      Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
      – Charles Duffy
      Nov 9 '17 at 20:59

















    • Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNU chmod has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
      – kjo
      Nov 9 '17 at 16:00







    • 1




      I tracked down the rationale, see my update.
      – Stephen Kitt
      Nov 9 '17 at 16:21










    • I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
      – Joshua
      Nov 9 '17 at 17:29






    • 1




      Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
      – Charles Duffy
      Nov 9 '17 at 20:59
















    Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNU chmod has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
    – kjo
    Nov 9 '17 at 16:00





    Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNU chmod has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
    – kjo
    Nov 9 '17 at 16:00





    1




    1




    I tracked down the rationale, see my update.
    – Stephen Kitt
    Nov 9 '17 at 16:21




    I tracked down the rationale, see my update.
    – Stephen Kitt
    Nov 9 '17 at 16:21












    I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
    – Joshua
    Nov 9 '17 at 17:29




    I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
    – Joshua
    Nov 9 '17 at 17:29




    1




    1




    Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
    – Charles Duffy
    Nov 9 '17 at 20:59





    Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
    – Charles Duffy
    Nov 9 '17 at 20:59













    up vote
    0
    down vote













    Try this:




    chmod 000700 ~/testdir







    share|improve this answer
























      up vote
      0
      down vote













      Try this:




      chmod 000700 ~/testdir







      share|improve this answer






















        up vote
        0
        down vote










        up vote
        0
        down vote









        Try this:




        chmod 000700 ~/testdir







        share|improve this answer












        Try this:




        chmod 000700 ~/testdir








        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 10 '17 at 7:24









        Tech. Pro

        303




        303




















            up vote
            -2
            down vote














            show starting permissions



            % stat -c '%04a' ~/testdir
            0700




            ==> OK!



            change permissions to 2700



            % chmod 2700 ~/testdir



            ==> Note that you are setting Group ID!!!



            check



            % stat -c '%04a' ~/testdir
            2700



            ==> OK!



            so far so good...



            now, change permissions back to 0700



            % chmod 0700 ~/testdir



            ==> Again, pls note that you are remove the flag restricted deletion or sticky (not group id).



            check



            % stat -c '%04a' ~/testdir
            2700



            huh???



            try a different tack



            % chmod g-w ~/testdir
            % stat -c '%04a' ~/testdir
            0700



            ===========================================================
            Lastthing, you can use this command to get success:



            chmod 000700 ~/testdir





            share|improve this answer


















            • 1




              I don't think a five minute video is necessary or appropriate here
              – Darren H
              Nov 9 '17 at 21:31










            • Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
              – Tech. Pro
              Nov 10 '17 at 2:25














            up vote
            -2
            down vote














            show starting permissions



            % stat -c '%04a' ~/testdir
            0700




            ==> OK!



            change permissions to 2700



            % chmod 2700 ~/testdir



            ==> Note that you are setting Group ID!!!



            check



            % stat -c '%04a' ~/testdir
            2700



            ==> OK!



            so far so good...



            now, change permissions back to 0700



            % chmod 0700 ~/testdir



            ==> Again, pls note that you are remove the flag restricted deletion or sticky (not group id).



            check



            % stat -c '%04a' ~/testdir
            2700



            huh???



            try a different tack



            % chmod g-w ~/testdir
            % stat -c '%04a' ~/testdir
            0700



            ===========================================================
            Lastthing, you can use this command to get success:



            chmod 000700 ~/testdir





            share|improve this answer


















            • 1




              I don't think a five minute video is necessary or appropriate here
              – Darren H
              Nov 9 '17 at 21:31










            • Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
              – Tech. Pro
              Nov 10 '17 at 2:25












            up vote
            -2
            down vote










            up vote
            -2
            down vote










            show starting permissions



            % stat -c '%04a' ~/testdir
            0700




            ==> OK!



            change permissions to 2700



            % chmod 2700 ~/testdir



            ==> Note that you are setting Group ID!!!



            check



            % stat -c '%04a' ~/testdir
            2700



            ==> OK!



            so far so good...



            now, change permissions back to 0700



            % chmod 0700 ~/testdir



            ==> Again, pls note that you are remove the flag restricted deletion or sticky (not group id).



            check



            % stat -c '%04a' ~/testdir
            2700



            huh???



            try a different tack



            % chmod g-w ~/testdir
            % stat -c '%04a' ~/testdir
            0700



            ===========================================================
            Lastthing, you can use this command to get success:



            chmod 000700 ~/testdir





            share|improve this answer















            show starting permissions



            % stat -c '%04a' ~/testdir
            0700




            ==> OK!



            change permissions to 2700



            % chmod 2700 ~/testdir



            ==> Note that you are setting Group ID!!!



            check



            % stat -c '%04a' ~/testdir
            2700



            ==> OK!



            so far so good...



            now, change permissions back to 0700



            % chmod 0700 ~/testdir



            ==> Again, pls note that you are remove the flag restricted deletion or sticky (not group id).



            check



            % stat -c '%04a' ~/testdir
            2700



            huh???



            try a different tack



            % chmod g-w ~/testdir
            % stat -c '%04a' ~/testdir
            0700



            ===========================================================
            Lastthing, you can use this command to get success:



            chmod 000700 ~/testdir






            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 13 '17 at 7:26

























            answered Nov 9 '17 at 18:44









            Tech. Pro

            303




            303







            • 1




              I don't think a five minute video is necessary or appropriate here
              – Darren H
              Nov 9 '17 at 21:31










            • Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
              – Tech. Pro
              Nov 10 '17 at 2:25












            • 1




              I don't think a five minute video is necessary or appropriate here
              – Darren H
              Nov 9 '17 at 21:31










            • Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
              – Tech. Pro
              Nov 10 '17 at 2:25







            1




            1




            I don't think a five minute video is necessary or appropriate here
            – Darren H
            Nov 9 '17 at 21:31




            I don't think a five minute video is necessary or appropriate here
            – Darren H
            Nov 9 '17 at 21:31












            Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
            – Tech. Pro
            Nov 10 '17 at 2:25




            Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
            – Tech. Pro
            Nov 10 '17 at 2:25

















             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f403543%2fpermissions-remain-2700-after-chmod-0700%23new-answer', 'question_page');

            );

            Post as a guest
































































            -

            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
            Read more

            Bahrain

            Image
            For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
            Read more

            Postfix configuration issue with fips on centos 7; mailgun relay

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
            Read more