From brandt@fokus.gmd.de  Mon Jan 14 08:27:21 2002
Return-Path: <brandt@fokus.gmd.de>
Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14])
	by hub.freebsd.org (Postfix) with ESMTP id C4DB737B41E
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 14 Jan 2002 08:27:19 -0800 (PST)
Received: from fokus.gmd.de (beagle [193.175.132.100])
	by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id g0EGRGh03268;
	Mon, 14 Jan 2002 17:27:16 +0100 (MET)
Received: (from root@localhost)
	by fokus.gmd.de (8.11.6/8.11.0) id g0EGRFO21809;
	Mon, 14 Jan 2002 17:27:15 +0100 (CET)
	(envelope-from hbb)
Message-Id: <200201141627.g0EGRFO21809@fokus.gmd.de>
Date: Mon, 14 Jan 2002 17:27:15 +0100 (CET)
From: Hartmut Brandt <brandt@fokus.gmd.de>
Reply-To: Hartmut Brandt <brandt@fokus.gmd.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc: schilling@fokus.gmd.de
Subject: Documented behaviour of SF_flags for non-SU is wrong
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         33877
>Category:       docs
>Synopsis:       [patch] chflags(2): documented behaviour of SF_flags for non-SU is wrong
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    keramida
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 14 08:30:01 PST 2002
>Closed-Date:    Fri Jun 23 18:36:10 GMT 2006
>Last-Modified:  Fri Jun 23 18:36:10 GMT 2006
>Originator:     Hartmut Brandt
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
FhG Fokus
>Environment:
System: FreeBSD beagle.fokus.gmd.de 5.0-CURRENT FreeBSD 5.0-CURRENT #7: Fri Jan 11 13:15:44 CET 2002 hbb@beagle.fokus.gmd.de:/opt/obj/usr/src/sys/BEAGLE i386


	
>Description:

	The man 2 chflags man page is wrong in its description of how the
	flags are handled in some cases:

	1. The non-superuser is not allowed to change any flag if one of
	SF_IMMUTABLE, SF_APPEND, SF_NOUNLINK is set. While the first is
	obvious, the other two cases are not and should be documented.

	2. The non-superuser is not allowed to SET any SF_* flag. Doing
	so results in EPERM returned (this is contrary to the man page).

	3. Clearing a SF_* flag by the superuser is silently ignored.

	4. The superuser cannot change any flag if one of
	SF_IMMUTABLE, SF_APPEND, SF_NOUNLINK is set if securelevel is greater
	than 0. See comment 1.

	5. The SF_SNAPSHOT flag is not documented.

	6. The SF_SNAPSHOT flag cannot be set or cleared by any user.

>How-To-Repeat:
	Construct one of the above cases and try chflags and ls -lo. For
	1. the sequence would be (as joe:user):

	# sudo touch /var/tmp/foo
	# sudo chown joe:user /var/tmp/foo
	# chflags schg /var/tmp/foo
	chflags: /var/tmp/foo: Operation not permitted
	# sudo chflags schg /var/tmp/foo
	# chflags noschg /var/tmp/foo
	chflags: /var/tmp/foo: Operation not permitted

	For cases 2 and 3:
	# sudo touch /var/tmp/foo
	# sudo chown joe:user /var/tmp/foo
	# chflags arch /var/tmp/foo
	chflags: /var/tmp/foo: Operation not permitted
	# sudo chflags arch /var/tmp/foo
	# chflags noarch /var/tmp/foo
	# ls -lo /var/tmp/foo
	-rw-r--r--  1 joe  user  arch 0 Jan 14 16:01 /var/tmp/foo

>Fix:

Index: chflags.2
===================================================================
RCS file: /usr/ncvs/src/lib/libc/sys/chflags.2,v
retrieving revision 1.19
diff -c -r1.19 chflags.2
*** chflags.2	1 Oct 2001 16:09:01 -0000	1.19
--- chflags.2	14 Jan 2002 16:25:21 -0000
***************
*** 80,87 ****
--- 80,100 ----
  The file may only be appended to.
  .It SF_NOUNLINK
  The file may not be renamed or deleted.
+ .It SF_SNAPSHOT
+ The file is a snapshot file.
  .El
  .Pp
+ If one of 
+ .Dq SF_IMMUTABLE ,
+ .Dq SF_APPEND ,
+ or
+ .Dq SF_NOUNLINK
+ is set a non-super-user cannot change any flags and even the super-user
+ can change flags only if securelevel is greater than 0.
+ (See
+ .Xr init 8
+ for details.)
+ .Pp
  The
  .Dq UF_IMMUTABLE ,
  .Dq UF_APPEND ,
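Review bot: The securelevel condition in the added paragraph of the 80,100 hunk is stated backwards. "even the super-user can change flags only if securelevel is greater than 0" contradicts item 4 of the description and the EPERM text added later in this patch ("or securelevel is greater than 0"); it should say the super-user can change flags only if securelevel is not greater than 0. The line "If one of " also carries trailing whitespace, and a comma after "is set" would make the sentence easier to read.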
***************
*** 98,110 ****
  and
  .Dq SF_ARCHIVED
  flags may only be set or unset by the super-user.
! Attempts by the non-super-user to set the super-user only flags
! are silently ignored.
! These flags may be set at any time, but normally may only be unset when
! the system is in single-user mode.
! (See
! .Xr init 8
! for details.)
  .Sh RETURN VALUES
  .Rv -std
  .Sh ERRORS
--- 111,121 ----
  and
  .Dq SF_ARCHIVED
  flags may only be set or unset by the super-user.
! Attempts to set these flags by non-super-users are rejected, attempts to
! clear flags, that are already set, by non-super-users are silently ignored.
! The
! .Dq SF_SNAPSHOT
! flag is maintained by the system and cannot be changed by any user.
  .Sh RETURN VALUES
  .Rv -std
  .Sh ERRORS
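Review bot: The replacement sentence in the 111,121 hunk ("are rejected, attempts to clear flags, that are already set, ...") joins two statements with a comma and does not say how the set attempt is rejected. Split it into two sentences, each starting on its own line as the rest of the page does, and name the error the description reports, for example "Attempts by non-super-users to set these flags fail with EPERM." followed by "Attempts by non-super-users to clear flags that are already set are silently ignored."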
***************
*** 125,130 ****
--- 136,148 ----
  .It Bq Er EPERM
  The effective user ID does not match the owner of the file and
  the effective user ID is not the super-user.
+ One of
+ .Dq SF_IMMUTABLE ,
+ .Dq SF_APPEND ,
+ or
+ .Dq SF_NOUNLINK
+ is set and the user is either not the super-user or securelevel is greater
+ than 0. A non-super-user tries to set one of the system flags.
  .It Bq Er EROFS
  The named file resides on a read-only file system.
  .It Bq Er EFAULT
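Review bot: The text added to the EPERM entry in the 136,148 hunk packs three unrelated conditions into one list item, and "A non-super-user tries to set one of the system flags." starts mid-line after "than 0." Give each condition its own ".It Bq Er EPERM" entry, or at least start each sentence on a new line, so a reader can tell the ownership check, the SF_IMMUTABLE/SF_APPEND/SF_NOUNLINK check and the system-flag check apart.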
***************
*** 149,154 ****
--- 167,179 ----
  .It Bq Er EPERM
  The effective user ID does not match the owner of the file and
  the effective user ID is not the super-user.
+ One of
+ .Dq SF_IMMUTABLE ,
+ .Dq SF_APPEND ,
+ or
+ .Dq SF_NOUNLINK
+ is set and the user is either not the super-user or securelevel is greater
+ than 0. A non-super-user tries to set one of the system flags.
  .It Bq Er EROFS
  The file resides on a read-only file system.
  .It Bq Er EIO
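Review bot: The EPERM text added in the 167,179 hunk does not mention SF_SNAPSHOT, although the 111,121 hunk says that flag "cannot be changed by any user". Say in this entry whether an attempt to set or clear SF_SNAPSHOT returns EPERM or is ignored, and keep the wording identical to the first ERRORS list so the two do not drift apart.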
	


>Release-Note:
>Audit-Trail:

From: Giorgos Keramidas <keramida@freebsd.org>
To: Hartmut Brandt <brandt@fokus.gmd.de>
Cc: FreeBSD-gnats-submit@freebsd.org, schilling@fokus.gmd.de
Subject: Re: docs/33877: Documented behaviour of SF_flags for non-SU is wrong
Date: Thu, 24 Jan 2002 02:37:44 +0200

 Adding to audit trail:
 
 Date: Tue, 15 Jan 2002 11:05:33 +0100 (MET)
 From: Joerg Schilling <schilling@fokus.gmd.de>
 
  >	2. The non-superuser is not allowed to SET any SF_* flag. Doing
  >	so results in EPERM returned (this is contrary to the man page).
 
  >	3. Clearing a SF_* flag by the superuser is silently ignored.
  	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
  This should read: Clearing a SF_* flag by the non-superuser is silently ignored.
 
 - Giorgos
 
State-Changed-From-To: open->patched 
State-Changed-By: keramida 
State-Changed-When: Tue May 16 20:25:40 UTC 2006 
State-Changed-Why:  
I've committed a slightly edited version of the diff, 
as revision 1.26 of src/lib/libc/sys/chflags.2,v 


Responsible-Changed-From-To: freebsd-doc->keramida 
Responsible-Changed-By: keramida 
Responsible-Changed-When: Tue May 16 20:25:40 UTC 2006 
Responsible-Changed-Why:  
I will handle the MFC of this to RELENG_X branches. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=33877 
State-Changed-From-To: patched->closed 
State-Changed-By: keramida 
State-Changed-When: Fri Jun 23 18:35:17 UTC 2006 
State-Changed-Why:  
Merged to RELENG_6 in revision 1.25.8.1 of file 
src/lib/libc/sys/chflags.2 

http://www.freebsd.org/cgi/query-pr.cgi?pr=33877 
>Unformatted:
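Added example, not part of the PR or of FreeBSD's source: a small C model of the flag rules as items 1 to 6 of the description state them, with item 3 read as corrected in the audit trail (clearing by the non-superuser is ignored). The M_ names, the bit layout, the assumption that the caller owns the file or is the superuser, and EPERM as the result of a superuser SF_SNAPSHOT change are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Model bit layout (this example's own): low 16 bits user, high 16 system. */
#define M_UF_MASK      0x0000ffffu
#define M_SF_MASK      0xffff0000u
#define M_UF_NODUMP    0x00000001u
#define M_SF_ARCHIVED  0x00010000u
#define M_SF_IMMUTABLE 0x00020000u
#define M_SF_APPEND    0x00040000u
#define M_SF_NOUNLINK  0x00100000u
#define M_SF_SNAPSHOT  0x00200000u
#define M_SF_LOCKING   (M_SF_IMMUTABLE | M_SF_APPEND | M_SF_NOUNLINK)

/* Returns 0 or EPERM; *out receives the flags the file ends up with.
 * Assumes the caller owns the file or is the superuser. */
int model_chflags(uint32_t cur, uint32_t req, int is_su, int securelevel,
                  uint32_t *out)
{
    *out = cur;
    if (!is_su) {
        if (cur & M_SF_LOCKING)          /* item 1: locked for non-superuser */
            return EPERM;
        if (req & M_SF_MASK)             /* item 2: request carries an SF bit */
            return EPERM;
        /* item 3 as corrected: system flags survive, clearing is ignored */
        *out = (cur & M_SF_MASK) | (req & M_UF_MASK);
        return 0;
    }
    if ((cur & M_SF_LOCKING) && securelevel > 0)   /* item 4 */
        return EPERM;
    if ((cur ^ req) & M_SF_SNAPSHOT)     /* item 6; EPERM is an assumption */
        return EPERM;
    *out = req;
    return 0;
}

int main(void)
{
    uint32_t f;
    /* Constructed replay of "cases 2 and 3": joe clears arch, flag stays. */
    int rc = model_chflags(M_SF_ARCHIVED, 0, 0, 0, &f);
    printf("joe noarch: rc=%d arch still set=%d\n", rc, (f & M_SF_ARCHIVED) != 0);
    rc = model_chflags(M_SF_IMMUTABLE, 0, 1, 1, &f);
    printf("root noschg at securelevel 1: rc=%d (EPERM=%d)\n", rc, EPERM);
    return 0;
}
```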
