Permissions remain 2700 after `chmod 0700`
Clash Royale CLAN TAG#URR8PPP
up vote
6
down vote
favorite
Example:
# show starting permissions
% stat -c '%04a' ~/testdir
0700
# change permissions to 2700
% chmod 2700 ~/testdir
# check
% stat -c '%04a' ~/testdir
2700
# so far so good...
# now, change permissions back to 0700
% chmod 0700 ~/testdir
# check
% stat -c '%04a' ~/testdir
2700
# huh???
# try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700
Bug or feature?
Why does chmod 0700 ~/testdir
fail to change the permissions from 2700
to 0700
?
I've observed the same behavior in several different filesystems. E.g., in the latest one, the relevant line of mount
's output is
/dev/sda5 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
Also, FWIW
% stat -c '%04a' ~/
0755
permissions chmod
add a comment |Â
up vote
6
down vote
favorite
Example:
# show starting permissions
% stat -c '%04a' ~/testdir
0700
# change permissions to 2700
% chmod 2700 ~/testdir
# check
% stat -c '%04a' ~/testdir
2700
# so far so good...
# now, change permissions back to 0700
% chmod 0700 ~/testdir
# check
% stat -c '%04a' ~/testdir
2700
# huh???
# try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700
Bug or feature?
Why does chmod 0700 ~/testdir
fail to change the permissions from 2700
to 0700
?
I've observed the same behavior in several different filesystems. E.g., in the latest one, the relevant line of mount
's output is
/dev/sda5 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
Also, FWIW
% stat -c '%04a' ~/
0755
permissions chmod
Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
â Raman Sailopal
Nov 9 '17 at 15:49
@RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
â kjo
Nov 9 '17 at 16:02
add a comment |Â
up vote
6
down vote
favorite
up vote
6
down vote
favorite
Example:
# show starting permissions
% stat -c '%04a' ~/testdir
0700
# change permissions to 2700
% chmod 2700 ~/testdir
# check
% stat -c '%04a' ~/testdir
2700
# so far so good...
# now, change permissions back to 0700
% chmod 0700 ~/testdir
# check
% stat -c '%04a' ~/testdir
2700
# huh???
# try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700
Bug or feature?
Why does chmod 0700 ~/testdir
fail to change the permissions from 2700
to 0700
?
I've observed the same behavior in several different filesystems. E.g., in the latest one, the relevant line of mount
's output is
/dev/sda5 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
Also, FWIW
% stat -c '%04a' ~/
0755
permissions chmod
Example:
# show starting permissions
% stat -c '%04a' ~/testdir
0700
# change permissions to 2700
% chmod 2700 ~/testdir
# check
% stat -c '%04a' ~/testdir
2700
# so far so good...
# now, change permissions back to 0700
% chmod 0700 ~/testdir
# check
% stat -c '%04a' ~/testdir
2700
# huh???
# try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700
Bug or feature?
Why does chmod 0700 ~/testdir
fail to change the permissions from 2700
to 0700
?
I've observed the same behavior in several different filesystems. E.g., in the latest one, the relevant line of mount
's output is
/dev/sda5 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
Also, FWIW
% stat -c '%04a' ~/
0755
permissions chmod
asked Nov 9 '17 at 15:44
kjo
3,85873458
3,85873458
Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
â Raman Sailopal
Nov 9 '17 at 15:49
@RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
â kjo
Nov 9 '17 at 16:02
add a comment |Â
Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
â Raman Sailopal
Nov 9 '17 at 15:49
@RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
â kjo
Nov 9 '17 at 16:02
Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
â Raman Sailopal
Nov 9 '17 at 15:49
Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
â Raman Sailopal
Nov 9 '17 at 15:49
@RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
â kjo
Nov 9 '17 at 16:02
@RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
â kjo
Nov 9 '17 at 16:02
add a comment |Â
3 Answers
3
active
oldest
votes
up vote
20
down vote
accepted
Assuming youâÂÂre using GNU chmod
, this is documented in the manpage:
chmod
preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.
You can set or clear the bits with symbolic modes likeu+s
andg-s
, and you can set (but not clear) the
bits with a numeric mode.
This is allowed in POSIX:
For each bit set in the octal number, the corresponding file permission bit shown in the following table shall be set; all other file permission bits shall be cleared. For regular files, for each bit set in the octal number corresponding to the set-user-ID-on-execution or the set-group-ID-on-execution, bits shown in the following table shall be set; if these bits are not set in the octal number, they are cleared. For other file types, it is implementation-defined whether or not requests to set or clear the set-user-ID-on-execution or set-group-ID-on-execution bits are honored.
The reasoning for the behaviour in GNU chmod
is given in the release notes for coreutils
6.0:
chmod
,install
, andmkdir
now preserve a directory's set-user-ID and
set-group-ID bits unless you explicitly request otherwise. E.g.,
chmod 755 DIR
andchmod u=rwx,go=rx DIR
now preserveDIR
's
set-user-ID and set-group-ID bits instead of clearing them, and
similarly formkdir -m 755 DIR
andmkdir -m u=rwx,go=rx DIR
. To
clear the bits, mention them explicitly in a symbolic mode, e.g.,
mkdir -m u=rwx,go=rx,-s DIR
. To set them, mention them explicitly
in either a symbolic or a numeric mode, e.g.,mkdir -m 2755 DIR
,
mkdir -m u=rwx,go=rx,g+s DIR
. This change is for convenience on
systems where these bits inherit from parents. Unfortunately other
operating systems are not consistent here, and portable scripts
cannot assume the bits are set, cleared, or preserved, even when the
bits are explicitly mentioned. For example, OpenBSD 3.9mkdir -m 777 D
preservesD
's setgid bit butchmod 777 D
clears it.
Conversely, Solaris 10mkdir -m 777 D
,mkdir -m g-s D
, and
chmod 0777 D
all preserveD
's setgid bit, and you must use
something likechmod g-s D
to clear it.
ThereâÂÂs more on the topic in #8391, including the further rationale that the leading 0 is ambiguous (it could indicate either cleared bits, or an octal value, in the userâÂÂs mind). The coreutils
manual also has a dedicated section, Directories and the Set-User-ID and Set-Group-ID Bits; this reveals that there are GNU extensions to allow clearing the bits in question:
chmod =700 ~/testdir
chmod 00700 ~/testdir
both clear the bits (but are non-portable).
Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNUchmod
has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
â kjo
Nov 9 '17 at 16:00
1
I tracked down the rationale, see my update.
â Stephen Kitt
Nov 9 '17 at 16:21
I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
â Joshua
Nov 9 '17 at 17:29
1
Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
â Charles Duffy
Nov 9 '17 at 20:59
add a comment |Â
up vote
0
down vote
Try this:
chmod 000700 ~/testdir
add a comment |Â
up vote
-2
down vote
show starting permissions
% stat -c '%04a' ~/testdir
0700
==> OK!
change permissions to 2700
% chmod 2700 ~/testdir
==> Note that you are setting Group ID!!!
check
% stat -c '%04a' ~/testdir
2700
==> OK!
so far so good...
now, change permissions back to 0700
% chmod 0700 ~/testdir
==> Again, pls note that you are remove the flag restricted deletion or sticky (not group id).
check
% stat -c '%04a' ~/testdir
2700
huh???
try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700
===========================================================
Lastthing, you can use this command to get success:
chmod 000700 ~/testdir
1
I don't think a five minute video is necessary or appropriate here
â Darren H
Nov 9 '17 at 21:31
Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
â Tech. Pro
Nov 10 '17 at 2:25
add a comment |Â
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
20
down vote
accepted
Assuming youâÂÂre using GNU chmod
, this is documented in the manpage:
chmod
preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.
You can set or clear the bits with symbolic modes likeu+s
andg-s
, and you can set (but not clear) the
bits with a numeric mode.
This is allowed in POSIX:
For each bit set in the octal number, the corresponding file permission bit shown in the following table shall be set; all other file permission bits shall be cleared. For regular files, for each bit set in the octal number corresponding to the set-user-ID-on-execution or the set-group-ID-on-execution, bits shown in the following table shall be set; if these bits are not set in the octal number, they are cleared. For other file types, it is implementation-defined whether or not requests to set or clear the set-user-ID-on-execution or set-group-ID-on-execution bits are honored.
The reasoning for the behaviour in GNU chmod
is given in the release notes for coreutils
6.0:
chmod
,install
, andmkdir
now preserve a directory's set-user-ID and
set-group-ID bits unless you explicitly request otherwise. E.g.,
chmod 755 DIR
andchmod u=rwx,go=rx DIR
now preserveDIR
's
set-user-ID and set-group-ID bits instead of clearing them, and
similarly formkdir -m 755 DIR
andmkdir -m u=rwx,go=rx DIR
. To
clear the bits, mention them explicitly in a symbolic mode, e.g.,
mkdir -m u=rwx,go=rx,-s DIR
. To set them, mention them explicitly
in either a symbolic or a numeric mode, e.g.,mkdir -m 2755 DIR
,
mkdir -m u=rwx,go=rx,g+s DIR
. This change is for convenience on
systems where these bits inherit from parents. Unfortunately other
operating systems are not consistent here, and portable scripts
cannot assume the bits are set, cleared, or preserved, even when the
bits are explicitly mentioned. For example, OpenBSD 3.9mkdir -m 777 D
preservesD
's setgid bit butchmod 777 D
clears it.
Conversely, Solaris 10mkdir -m 777 D
,mkdir -m g-s D
, and
chmod 0777 D
all preserveD
's setgid bit, and you must use
something likechmod g-s D
to clear it.
ThereâÂÂs more on the topic in #8391, including the further rationale that the leading 0 is ambiguous (it could indicate either cleared bits, or an octal value, in the userâÂÂs mind). The coreutils
manual also has a dedicated section, Directories and the Set-User-ID and Set-Group-ID Bits; this reveals that there are GNU extensions to allow clearing the bits in question:
chmod =700 ~/testdir
chmod 00700 ~/testdir
both clear the bits (but are non-portable).
Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNUchmod
has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
â kjo
Nov 9 '17 at 16:00
1
I tracked down the rationale, see my update.
â Stephen Kitt
Nov 9 '17 at 16:21
I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
â Joshua
Nov 9 '17 at 17:29
1
Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
â Charles Duffy
Nov 9 '17 at 20:59
add a comment |Â
up vote
20
down vote
accepted
Assuming youâÂÂre using GNU chmod
, this is documented in the manpage:
chmod
preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.
You can set or clear the bits with symbolic modes likeu+s
andg-s
, and you can set (but not clear) the
bits with a numeric mode.
This is allowed in POSIX:
For each bit set in the octal number, the corresponding file permission bit shown in the following table shall be set; all other file permission bits shall be cleared. For regular files, for each bit set in the octal number corresponding to the set-user-ID-on-execution or the set-group-ID-on-execution, bits shown in the following table shall be set; if these bits are not set in the octal number, they are cleared. For other file types, it is implementation-defined whether or not requests to set or clear the set-user-ID-on-execution or set-group-ID-on-execution bits are honored.
The reasoning for the behaviour in GNU chmod
is given in the release notes for coreutils
6.0:
chmod
,install
, andmkdir
now preserve a directory's set-user-ID and
set-group-ID bits unless you explicitly request otherwise. E.g.,
chmod 755 DIR
andchmod u=rwx,go=rx DIR
now preserveDIR
's
set-user-ID and set-group-ID bits instead of clearing them, and
similarly formkdir -m 755 DIR
andmkdir -m u=rwx,go=rx DIR
. To
clear the bits, mention them explicitly in a symbolic mode, e.g.,
mkdir -m u=rwx,go=rx,-s DIR
. To set them, mention them explicitly
in either a symbolic or a numeric mode, e.g.,mkdir -m 2755 DIR
,
mkdir -m u=rwx,go=rx,g+s DIR
. This change is for convenience on
systems where these bits inherit from parents. Unfortunately other
operating systems are not consistent here, and portable scripts
cannot assume the bits are set, cleared, or preserved, even when the
bits are explicitly mentioned. For example, OpenBSD 3.9mkdir -m 777 D
preservesD
's setgid bit butchmod 777 D
clears it.
Conversely, Solaris 10mkdir -m 777 D
,mkdir -m g-s D
, and
chmod 0777 D
all preserveD
's setgid bit, and you must use
something likechmod g-s D
to clear it.
ThereâÂÂs more on the topic in #8391, including the further rationale that the leading 0 is ambiguous (it could indicate either cleared bits, or an octal value, in the userâÂÂs mind). The coreutils
manual also has a dedicated section, Directories and the Set-User-ID and Set-Group-ID Bits; this reveals that there are GNU extensions to allow clearing the bits in question:
chmod =700 ~/testdir
chmod 00700 ~/testdir
both clear the bits (but are non-portable).
Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNUchmod
has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
â kjo
Nov 9 '17 at 16:00
1
I tracked down the rationale, see my update.
â Stephen Kitt
Nov 9 '17 at 16:21
I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
â Joshua
Nov 9 '17 at 17:29
1
Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
â Charles Duffy
Nov 9 '17 at 20:59
add a comment |Â
up vote
20
down vote
accepted
up vote
20
down vote
accepted
Assuming youâÂÂre using GNU chmod
, this is documented in the manpage:
chmod
preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.
You can set or clear the bits with symbolic modes likeu+s
andg-s
, and you can set (but not clear) the
bits with a numeric mode.
This is allowed in POSIX:
For each bit set in the octal number, the corresponding file permission bit shown in the following table shall be set; all other file permission bits shall be cleared. For regular files, for each bit set in the octal number corresponding to the set-user-ID-on-execution or the set-group-ID-on-execution, bits shown in the following table shall be set; if these bits are not set in the octal number, they are cleared. For other file types, it is implementation-defined whether or not requests to set or clear the set-user-ID-on-execution or set-group-ID-on-execution bits are honored.
The reasoning for the behaviour in GNU chmod
is given in the release notes for coreutils
6.0:
chmod
,install
, andmkdir
now preserve a directory's set-user-ID and
set-group-ID bits unless you explicitly request otherwise. E.g.,
chmod 755 DIR
andchmod u=rwx,go=rx DIR
now preserveDIR
's
set-user-ID and set-group-ID bits instead of clearing them, and
similarly formkdir -m 755 DIR
andmkdir -m u=rwx,go=rx DIR
. To
clear the bits, mention them explicitly in a symbolic mode, e.g.,
mkdir -m u=rwx,go=rx,-s DIR
. To set them, mention them explicitly
in either a symbolic or a numeric mode, e.g.,mkdir -m 2755 DIR
,
mkdir -m u=rwx,go=rx,g+s DIR
. This change is for convenience on
systems where these bits inherit from parents. Unfortunately other
operating systems are not consistent here, and portable scripts
cannot assume the bits are set, cleared, or preserved, even when the
bits are explicitly mentioned. For example, OpenBSD 3.9mkdir -m 777 D
preservesD
's setgid bit butchmod 777 D
clears it.
Conversely, Solaris 10mkdir -m 777 D
,mkdir -m g-s D
, and
chmod 0777 D
all preserveD
's setgid bit, and you must use
something likechmod g-s D
to clear it.
ThereâÂÂs more on the topic in #8391, including the further rationale that the leading 0 is ambiguous (it could indicate either cleared bits, or an octal value, in the userâÂÂs mind). The coreutils
manual also has a dedicated section, Directories and the Set-User-ID and Set-Group-ID Bits; this reveals that there are GNU extensions to allow clearing the bits in question:
chmod =700 ~/testdir
chmod 00700 ~/testdir
both clear the bits (but are non-portable).
Assuming youâÂÂre using GNU chmod
, this is documented in the manpage:
chmod
preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise.
You can set or clear the bits with symbolic modes likeu+s
andg-s
, and you can set (but not clear) the
bits with a numeric mode.
This is allowed in POSIX:
For each bit set in the octal number, the corresponding file permission bit shown in the following table shall be set; all other file permission bits shall be cleared. For regular files, for each bit set in the octal number corresponding to the set-user-ID-on-execution or the set-group-ID-on-execution, bits shown in the following table shall be set; if these bits are not set in the octal number, they are cleared. For other file types, it is implementation-defined whether or not requests to set or clear the set-user-ID-on-execution or set-group-ID-on-execution bits are honored.
The reasoning for the behaviour in GNU chmod
is given in the release notes for coreutils
6.0:
chmod
,install
, andmkdir
now preserve a directory's set-user-ID and
set-group-ID bits unless you explicitly request otherwise. E.g.,
chmod 755 DIR
andchmod u=rwx,go=rx DIR
now preserveDIR
's
set-user-ID and set-group-ID bits instead of clearing them, and
similarly formkdir -m 755 DIR
andmkdir -m u=rwx,go=rx DIR
. To
clear the bits, mention them explicitly in a symbolic mode, e.g.,
mkdir -m u=rwx,go=rx,-s DIR
. To set them, mention them explicitly
in either a symbolic or a numeric mode, e.g.,mkdir -m 2755 DIR
,
mkdir -m u=rwx,go=rx,g+s DIR
. This change is for convenience on
systems where these bits inherit from parents. Unfortunately other
operating systems are not consistent here, and portable scripts
cannot assume the bits are set, cleared, or preserved, even when the
bits are explicitly mentioned. For example, OpenBSD 3.9mkdir -m 777 D
preservesD
's setgid bit butchmod 777 D
clears it.
Conversely, Solaris 10mkdir -m 777 D
,mkdir -m g-s D
, and
chmod 0777 D
all preserveD
's setgid bit, and you must use
something likechmod g-s D
to clear it.
ThereâÂÂs more on the topic in #8391, including the further rationale that the leading 0 is ambiguous (it could indicate either cleared bits, or an octal value, in the userâÂÂs mind). The coreutils
manual also has a dedicated section, Directories and the Set-User-ID and Set-Group-ID Bits; this reveals that there are GNU extensions to allow clearing the bits in question:
chmod =700 ~/testdir
chmod 00700 ~/testdir
both clear the bits (but are non-portable).
edited Nov 9 '17 at 22:38
answered Nov 9 '17 at 15:50
Stephen Kitt
143k22312377
143k22312377
Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNUchmod
has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
â kjo
Nov 9 '17 at 16:00
1
I tracked down the rationale, see my update.
â Stephen Kitt
Nov 9 '17 at 16:21
I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
â Joshua
Nov 9 '17 at 17:29
1
Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
â Charles Duffy
Nov 9 '17 at 20:59
add a comment |Â
Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNUchmod
has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?
â kjo
Nov 9 '17 at 16:00
1
I tracked down the rationale, see my update.
â Stephen Kitt
Nov 9 '17 at 16:21
I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
â Joshua
Nov 9 '17 at 17:29
1
Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
â Charles Duffy
Nov 9 '17 at 20:59
Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNU
chmod
has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?â kjo
Nov 9 '17 at 16:00
Thanks! Unfortunately, the documentation doesn't make the behavior look any less capricious... Would you happen to know why GNU
chmod
has this particular policy? IOW, is there any justification for it beyond "POSIX doesn't prohibit it"? Does it provide any benefit?â kjo
Nov 9 '17 at 16:00
1
1
I tracked down the rationale, see my update.
â Stephen Kitt
Nov 9 '17 at 16:21
I tracked down the rationale, see my update.
â Stephen Kitt
Nov 9 '17 at 16:21
I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
â Joshua
Nov 9 '17 at 17:29
I agree this is pretty darn capricious and I feel very much like dyking that behavior out.
â Joshua
Nov 9 '17 at 17:29
1
1
Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
â Charles Duffy
Nov 9 '17 at 20:59
Heh. As someone who frequently uses setuid/setgid directories in situations where their unintended removal would be unfortunate (would prevent services from being able to access data directories they need read access to, granted via group ownership), I'm happy about this. J. Random User is likely to have scripts and habits that refer to "755" or "550" or whatever and not realize that they need to preserve setuid/setgid when mucking around in directories that are intended to be accessible to other accounts via group permissions.
â Charles Duffy
Nov 9 '17 at 20:59
add a comment |Â
up vote
0
down vote
Try this:
chmod 000700 ~/testdir
add a comment |Â
up vote
0
down vote
Try this:
chmod 000700 ~/testdir
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Try this:
chmod 000700 ~/testdir
Try this:
chmod 000700 ~/testdir
answered Nov 10 '17 at 7:24
Tech. Pro
303
303
add a comment |Â
add a comment |Â
up vote
-2
down vote
show starting permissions
% stat -c '%04a' ~/testdir
0700
==> OK!
change permissions to 2700
% chmod 2700 ~/testdir
==> Note that you are setting Group ID!!!
check
% stat -c '%04a' ~/testdir
2700
==> OK!
so far so good...
now, change permissions back to 0700
% chmod 0700 ~/testdir
==> Again, pls note that you are remove the flag restricted deletion or sticky (not group id).
check
% stat -c '%04a' ~/testdir
2700
huh???
try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700
===========================================================
Lastthing, you can use this command to get success:
chmod 000700 ~/testdir
1
I don't think a five minute video is necessary or appropriate here
â Darren H
Nov 9 '17 at 21:31
Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
â Tech. Pro
Nov 10 '17 at 2:25
add a comment |Â
up vote
-2
down vote
show starting permissions
% stat -c '%04a' ~/testdir
0700
==> OK!
change permissions to 2700
% chmod 2700 ~/testdir
==> Note that you are setting Group ID!!!
check
% stat -c '%04a' ~/testdir
2700
==> OK!
so far so good...
now, change permissions back to 0700
% chmod 0700 ~/testdir
==> Again, pls note that you are remove the flag restricted deletion or sticky (not group id).
check
% stat -c '%04a' ~/testdir
2700
huh???
try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700
===========================================================
Lastthing, you can use this command to get success:
chmod 000700 ~/testdir
1
I don't think a five minute video is necessary or appropriate here
â Darren H
Nov 9 '17 at 21:31
Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
â Tech. Pro
Nov 10 '17 at 2:25
add a comment |Â
up vote
-2
down vote
up vote
-2
down vote
show starting permissions
% stat -c '%04a' ~/testdir
0700
==> OK!
change permissions to 2700
% chmod 2700 ~/testdir
==> Note that you are setting Group ID!!!
check
% stat -c '%04a' ~/testdir
2700
==> OK!
so far so good...
now, change permissions back to 0700
% chmod 0700 ~/testdir
==> Again, pls note that you are remove the flag restricted deletion or sticky (not group id).
check
% stat -c '%04a' ~/testdir
2700
huh???
try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700
===========================================================
Lastthing, you can use this command to get success:
chmod 000700 ~/testdir
show starting permissions
% stat -c '%04a' ~/testdir
0700
==> OK!
change permissions to 2700
% chmod 2700 ~/testdir
==> Note that you are setting Group ID!!!
check
% stat -c '%04a' ~/testdir
2700
==> OK!
so far so good...
now, change permissions back to 0700
% chmod 0700 ~/testdir
==> Again, pls note that you are remove the flag restricted deletion or sticky (not group id).
check
% stat -c '%04a' ~/testdir
2700
huh???
try a different tack
% chmod g-w ~/testdir
% stat -c '%04a' ~/testdir
0700
===========================================================
Lastthing, you can use this command to get success:
chmod 000700 ~/testdir
edited Nov 13 '17 at 7:26
answered Nov 9 '17 at 18:44
Tech. Pro
303
303
1
I don't think a five minute video is necessary or appropriate here
â Darren H
Nov 9 '17 at 21:31
Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
â Tech. Pro
Nov 10 '17 at 2:25
add a comment |Â
1
I don't think a five minute video is necessary or appropriate here
â Darren H
Nov 9 '17 at 21:31
Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
â Tech. Pro
Nov 10 '17 at 2:25
1
1
I don't think a five minute video is necessary or appropriate here
â Darren H
Nov 9 '17 at 21:31
I don't think a five minute video is necessary or appropriate here
â Darren H
Nov 9 '17 at 21:31
Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
â Tech. Pro
Nov 10 '17 at 2:25
Sorry, it is not my intent. That five minute's be caused by my kid issue. I'll fix it later.
â Tech. Pro
Nov 10 '17 at 2:25
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f403543%2fpermissions-remain-2700-after-chmod-0700%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Are you seeing any permission denied messages? This would be the normal behavior in situations where you may have selinux running.
â Raman Sailopal
Nov 9 '17 at 15:49
@RamanSailopal: what I show in the question is verbatim output. (IOW: no error messages at all.)
â kjo
Nov 9 '17 at 16:02