Clear setuid permission using numeric mode

chmodpermissionssetuid

On an Ubuntu Linux I have a directory with the setuid bit set (drwsr-xr-x) which I want to unset.

Neither chmod 755 nor chmod 0755 nor chmod 00755 (I though maybe the first 0 is interpreted as just "this is octal") cleared the setuid bit. However, chmod u-s did.

What is the correct numeric mode to clear the setuid bit?

Best Answer

Interestingly. this seems to be impossible using GNU chmod, and that's a feature. From the info entry on chmod on my system; note how, whilst the entry on setting the bits makes reference to symbolic and numeric modes, the entry on clearing them refers only to symbolic (ug-s) mode:

27.4 Directories and the Set-User-ID and Set-Group-ID Bits

These convenience mechanisms rely on the set-user-ID and set-group-ID bits of directories. If commands like chmod' andmkdir' routinely cleared these bits on directories, the mechanisms would be less convenient and it would be harder to share files. Therefore, a command like `chmod' does not affect the set-user-ID or set-group-ID bits of a directory unless the user specifically mentions them in a symbolic mode, or sets them in a numeric mode.

[...]

If you want to try to set these bits, you must mention them explicitly in the symbolic or numeric modes, e.g.:

[...]

If you want to try to clear these bits, you must mention them explicitly in a symbolic mode, e.g.:

[...]

This behavior is a GNU extension. Portable scripts should not rely on requests to set or clear these bits on directories, as POSIX allows implementations to ignore these requests.

Related Solutions

Is it possible to represent the +X symbolic permission with an octal value

The short story: it's not possible, no.

The longer story: octal permissions are states. The [+-][rwxXst] notation represents operations that culminate in changing states. Note, not the =[rwxXst] one, which sets state and is equivalent to the octal modes as Gilles said. The X one is the only conditional operation, the other ones are all unconditional.

When you chmod a file with octal permissions, you supply the final state of the permission bits verbatim. When you use the operations, you choose what you want done to the permission bits.

Your question is tantamount to asking if there's a single number that represents all square roots. The answers is obviously ‘no’: every square root yields a number (pedants: though it could be imaginary/irrational), but without the starting state (the number), you can't tell which.

Linux – Howto prevent chgrp from clearing “setuid bit”

If you want to implement your chgrp -R nobody /whatever while retaining the setuid bit you can use these two find commands

find /whatever ! -type l -perm -04000 -exec chgrp nobody {} + \
                                      -exec chmod u+s {} +
find /whatever ! -type l ! -perm -04000 -exec chgrp nobody {} +

The find ... -perm 04000 option picks up files with the setuid bit set. The first command then applies the chgrp and then a chmod to reinstate the setuid bit that has been knocked off. The second one applies chgrp to all files that do not have a setuid bit.

In any case, you don't want to call chgrp or chmod on symlinks as that would affect their targets instead, hence the ! -type l.

Best Answer

Related Solutions

Is it possible to represent the +X symbolic permission with an octal value

Linux – Howto prevent chgrp from clearing “setuid bit”

Related Question