Tag Archives: setuid

How to chown and setuid

Something to watch out for.

If you change the owner of a file that has setuid permission, the setuid bit gets removed:

# ls -l /usr/bin/gpasswd
-rwsr-xr-x. 1 root root 78144 Mar 19 2013 /usr/bin/gpasswd 
# chown nobody /usr/bin/gpasswd 
# ls -l /usr/bin/gpasswd 
-rwxr-xr-x. 1 nobody root 78144 Mar 19 2013 /usr/bin/gpasswd

Therefore if you reset the owner of such a file (for instance, after an accidental recursive chown), then you need to reset the permissions afterwards.
If you reset both the owner AND the permissions, it has to be done in the correct order – ownership first, then permissions.

So what will this do?

# rpm --setperms --setugids

 

It turns out (on RHEL5 at any rate) that it changes the permissions first. So the binaries that ought to have the setuid bit were left without it.

The moral of this story is that you should do the work in two passes:

# rpm --setugids

# rpm --setperms