Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: munnari!technix.oz.au!ahl@uunet.uu.net (Tony Landells)
Newsgroups: comp.sys.sun
Subject: Re: 4.0 likes s and S protections
Message-ID: <162@technix.oz.au>
Date: 1 Feb 89 12:42:07 GMT
References: <106501@Wayne-MTS> <801@auspex.UUCP> <1842@nickerson.munsell.UUCP>
Sender: usenet@rice.edu
Organization: TechNIX Consulting Services, Melbourne, Australia
Lines: 28
Approved: Sun-Spots@rice.edu
Original-Date: 24 Jan 89 06:43:35 GMT
X-Sun-Spots-Digest: Volume 7, Issue 132, message 3 of 14

Moderator's annotation:
> ...Near as I can tell via experimentation, "chmod" now treats
> directories as a special case.  The only way to turn off the setgid
> bit on a directory is via "chmod g-s ...".

The current behaviour is documented in the manuals.  In the SunOS 4.0
Change Notes, section 2.4 (General Software Changes), it describes the new
semantics (under the margin label "Group ID for Newly-Created Files), and
suggests some options for either bringing your system into line or having
a filesystem use the old semantics.

As for the behaviour of chmod, chmod(1) says under numerical modes

	2000	Set group ID on execution (this bit is ignored if the file
		is a directory; it may be set or cleared only using symbolic
		mode).

Then there's the User's Guide in the Security Features Guide, which has a
little section on "Directories and Set Group ID" ...

This is the only documentation I can spot immediately, but I'm sure there
was something elsewhere which commented on the need to use symbolic modes
to affect directories - it's just a matter of looking for it.

[[ I found the parenthetical comment in the chmod manual page a few days
after I made that comment.  You have to admit, it is pretty well hidden in
that manual page.  When I initially scanned the manual page, I didn't see
it.  --wnl ]]