File create permissions, what am I missing?

João Carlos Mendes Luís jonny at
Sun Aug 14 06:03:36 GMT 2005

Greg Black wrote:
> On 2005-08-13, Jo�o Carlos Mendes Lu�s wrote:
>>Brooks Davis wrote:
>>>On BSD systems, the group of a file is always the group of the directory
>>>it is in.  This differs from SysV UNIX.  The resident grey-beard at work
>>>feels this is a new and annoying behavior. (i.e. it wasn't always this
>>>way. :)
>>So this is expected behavior?  Isn't this someway insecure?
> It is documented behaviour (see open(2) for details).  How is it
> insecure?

I don't know how it could be unsecure.  Is there any specifc reason for it to be
different on SYSV and Linux?  Or is it just a different choice?

I could not find any vulnerability, but I do not like the idea that a user could
create files belonging to a group himself does not belong.  My first attempt was
to mark this file setgid, but the system denies it: It is my file, but I am not
in the file's group.  That would be too easy.   ;-)

Nevertheless, if somebody leaves a directory writeable by anoybody, he should
know what he's doing.  If I could just make /tmp not writeable...    ;-)

More information about the freebsd-hackers mailing list