Unprivileged user can't set sticky bit on a file; why?
Nate Eldredge
neldredge at math.ucsd.edu
Thu Nov 13 23:05:22 PST 2008
Hi folks,
FreeBSD doesn't allow an unprivileged user to set the sticky bit (mode
S_ISTXT, octal 01000) on a file, though it does allow root to do so.
nate at vulcan:/tmp$ chmod +t foo
chmod: foo: Inappropriate file type or format
nate at vulcan:/tmp$ su
Password:
vulcan# chmod +t foo
vulcan# ls -l foo
-rw-r--r-T 1 nate wheel 0 Nov 13 22:46 foo
Why is this?
I don't expect the sticky bit to actually do anything on a regular file in
this day and age (I know what its historical behavior was, and what it
does for directories), but I'd think it would be harmless to set it.
Linux lets a user set the sticky bit, and Solaris silently masks it off.
I came across this when trying to rsync some files which had the sticky
bit set on the remote side. (It's the historical Unix archive from
tuhs.org; the files in question are part of an unpacked V7 UNIX
installation, for which the sticky bit of course had meaning. :-) ) It's
annoying that this makes rsync fail; it messes up my mirroring script.
sticky(8) says the bit "is ignored for regular files", which evidently
isn't accurate. chmod(2) says "on UFS-based file systems (FFS, LFS) the
sticky bit may only be set upon directories", which isn't right either
since root is able to do it. src/sys/ufs/ufs/ufs_vnops.c has the
following comment:
/*
 * Privileged processes may set the sticky bit on non-directories,
 * as well as set the setgid bit on a file with a group that the
 * process is not a member of. Both of these are allowed in
 * jail(8).
 */
but does not explain why an unprivileged process should be forbidden to set
the sticky bit.
--
Nate Eldredge
neldredge at math.ucsd.edu
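
The three behaviours described in the message above (FreeBSD rejecting the request, Linux accepting it, Solaris silently masking the bit off) can be told apart with a small probe run as the user in question. This is an added example, not part of the original post or of FreeBSD's source; the function names and the /tmp scratch path are assumptions made for illustration.

```c
/* Added example: probe how this OS treats S_ISVTX (01000) on a regular file. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum sticky_result { STICKY_REJECTED, STICKY_ACCEPTED, STICKY_MASKED, STICKY_PROBE_ERROR };

/* Classify a chmod() return code and the mode read back afterwards. */
enum sticky_result classify_sticky(int chmod_rc, mode_t mode_after)
{
    if (chmod_rc != 0)
        return STICKY_REJECTED;   /* as in the post: FreeBSD, unprivileged user */
    /* Bit kept: Linux, or root on FreeBSD. Bit gone: masked off, as on Solaris. */
    return (mode_after & S_ISVTX) ? STICKY_ACCEPTED : STICKY_MASKED;
}

/* Create a scratch file, request mode 01644, and report what happened.
 * *err_out receives errno from chmod(), or 0 if chmod() succeeded. */
enum sticky_result probe_sticky(int *err_out)
{
    char path[] = "/tmp/sticky-probe.XXXXXX";   /* hypothetical scratch name */
    struct stat st;
    enum sticky_result res = STICKY_PROBE_ERROR;

    *err_out = 0;
    int fd = mkstemp(path);
    if (fd < 0)
        return res;
    close(fd);

    int rc = chmod(path, 0644 | S_ISVTX);
    if (rc != 0)
        *err_out = errno;
    if (stat(path, &st) == 0)
        res = classify_sticky(rc, st.st_mode);
    unlink(path);
    return res;
}

int main(void)
{
    static const char *names[] = { "rejected", "accepted", "silently masked", "probe error" };
    int err = 0;
    enum sticky_result r = probe_sticky(&err);
    printf("euid=%d: sticky bit on regular file %s (chmod errno: %s)\n",
           (int)geteuid(), names[r], err ? strerror(err) : "none");
    return r == STICKY_PROBE_ERROR;
}
```

Running it once as an ordinary user and once as root shows whether the privilege check in the quoted comment applies on the system and filesystem at hand.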