# SUID bit on a directory.



## SirDice (Sep 16, 2013)

It seems the man page for chmod(1) is either wrong or I'm misunderstanding it. 

Specifically:

```
4000    (the setuid bit).  Executable files with this bit set will
                   run with effective uid set to the uid of the file owner.
                   Directories with this bit set will force all files and sub-
                   directories created in them to be owned by the directory
                   owner and not by the uid of the creating process, if the
                   underlying file system supports this feature: see chmod(2)
                   and the suiddir option to mount(8).
```

Assume a regular UFS filesystem:

```
root@fbsd-test:/ # mkdir /test
root@fbsd-test:/ # chown user_a:test /test/
root@fbsd-test:/ # chmod 4775 test/
root@fbsd-test:/ # ls -ald /test/
drwsrwxr-x  2 user_a  test  512 Sep 16 13:36 /test/
root@fbsd-test:/ # id user_a
uid=1002(user_a) gid=1002(user_a) groups=1002(user_a),1004(test)
root@fbsd-test:/ # id user_b
uid=1003(user_b) gid=1003(user_b) groups=1003(user_b),1004(test)
root@fbsd-test:/ # su - user_b
user_b@fbsd-test:~ % cd /test/
user_b@fbsd-test:/test % touch file1
user_b@fbsd-test:/test % ls -l file1
-rw-r--r--  1 user_b  test  0 Sep 16 13:37 file1
user_b@fbsd-test:/test %
```

According to the man page, file1 should be owned by user_a, not user_b.

Setting the SGID does work as expected:

```
root@fbsd-test:/ # mkdir /test
root@fbsd-test:/ # chown user_a:test /test
root@fbsd-test:/ # chmod 2775 /test
root@fbsd-test:/ # ls -ald /test
drwxrwsr-x  2 user_a  test  512 Sep 16 13:39 /test/
root@fbsd-test:/ # su - user_b
user_b@fbsd-test:~ % cd /test
user_b@fbsd-test:/test % ll
total 0
user_b@fbsd-test:/test % touch file2
user_b@fbsd-test:/test % ls -al file2
-rw-r--r--  1 user_b  test  0 Sep 16 13:40 file2
```


----------



## fonz (Sep 16, 2013)

Just to be sure: does your kernel have SUIDDIR enabled? Also, has the filesystem in question been mounted with the suiddir option?


----------



## SirDice (Sep 16, 2013)

I'm not sure, it's just a GENERIC kernel. I don't think it's enabled by default.


----------



## fonz (Sep 16, 2013)

SirDice said:

> it's just a GENERIC kernel. I don't think it's enabled by default.


It isn't. You need to build a kernel with

```
options SUIDDIR
```
and the filesystem must be mounted with the -o suiddir option.
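
The two experiments earlier in the thread (setuid directory, then setgid directory) and the two preconditions named in the reply above (kernel option plus mount option) can be turned into a small audit script. The script below is an added example, not code from the thread or from FreeBSD. It parses a directory's `ls -ld` line and the option list that `mount` prints for the containing file system, and applies the suiddir rules that mount(8) documents for UFS: the new file takes the directory owner's uid, its execute and set-id bits are cleared, ownership is never handed to root, and a creator who already owns the directory keeps the file. The sample lines are constructed to mirror the `/test` directory from the first post. It assumes the running kernel was built with SUIDDIR; the mount option alone cannot show that.

```shell
#!/bin/sh
# Added example (not from the thread): predict what a file created in a
# directory will inherit, from the directory's `ls -ld` line and the mount
# options of the file system it lives on. Encodes the suiddir behaviour
# documented in mount(8) for UFS. Assumes the kernel has SUIDDIR compiled in.

# First field of an ls -ld line, e.g. "drwsrwxr-x".
mode_of() {
    set -- $1
    printf '%s\n' "$1"
}

# Third field: the directory's owner.
owner_of() {
    set -- $1
    printf '%s\n' "$3"
}

# Fourth field: the directory's group.
group_of() {
    set -- $1
    printf '%s\n' "$4"
}

# 1 if the 4th mode character is s/S (setuid on the directory), else 0.
has_setuid() {
    case "$(mode_of "$1")" in
        d??[sS]*) echo 1 ;;
        *)        echo 0 ;;
    esac
}

# 1 if the 7th mode character is s/S (setgid on the directory), else 0.
has_setgid() {
    case "$(mode_of "$1")" in
        d?????[sS]*) echo 1 ;;
        *)           echo 0 ;;
    esac
}

# 1 if "suiddir" appears in a mount(8) option list such as
# "ufs, local, soft-updates, suiddir" (the part in parentheses), else 0.
mounted_suiddir() {
    opts=$(printf '%s' "$1" | tr -d ' ')
    case ",$opts," in
        *,suiddir,*) echo 1 ;;
        *)           echo 0 ;;
    esac
}

# Who will own a file that user $3 creates in the directory described by
# ls -ld line $1, on a file system with mount options $2. Prints the name.
# Per mount(8): setuid on the directory and suiddir on the mount are both
# required, ownership is never given to root, and the directory owner
# creating a file is left alone.
predict_owner() {
    lsline=$1; mountopts=$2; creator=$3
    dir_owner=$(owner_of "$lsline")
    if [ "$(has_setuid "$lsline")" -eq 1 ] \
       && [ "$(mounted_suiddir "$mountopts")" -eq 1 ] \
       && [ "$dir_owner" != root ] \
       && [ "$dir_owner" != "$creator" ]; then
        printf '%s\n' "$dir_owner"
    else
        printf '%s\n' "$creator"
    fi
}

# Group of a new file. On FreeBSD UFS a new file always takes the
# directory's group (BSD semantics), which is why file1 in the thread is in
# group "test" even without setgid; setgid on the directory is what makes
# Linux behave the same way.
predict_group() {
    group_of "$1"
}

# Mode (octal) a new file ends up with when suiddir transfers ownership:
# the kernel clears the set-id, sticky and execute bits (mask 07111),
# so a requested 0755 or 4755 becomes 0644.
suiddir_new_mode() {
    printf '%04o\n' $(( 0$1 & ~07111 ))
}

# Constructed sample input mirroring the thread's /test directory.
SAMPLE_DIR='drwsrwxr-x  2 user_a  test  512 Sep 16 13:36 /test/'
OPTS_PLAIN='ufs, local, soft-updates'
OPTS_SUIDDIR='ufs, local, soft-updates, suiddir'

# Show both outcomes for user_b creating a file in /test.
demo() {
    printf 'without suiddir: owner=%s group=%s\n' \
        "$(predict_owner "$SAMPLE_DIR" "$OPTS_PLAIN" user_b)" \
        "$(predict_group "$SAMPLE_DIR")"
    printf 'with suiddir:    owner=%s group=%s mode=%s\n' \
        "$(predict_owner "$SAMPLE_DIR" "$OPTS_SUIDDIR" user_b)" \
        "$(predict_group "$SAMPLE_DIR")" \
        "$(suiddir_new_mode 0755)"
}

demo
```

Two caveats a practitioner should keep next to this. First, the mount option does not prove kernel support: on FreeBSD kernels built with `options INCLUDE_CONFIG_FILE` (GENERIC carries it), `sysctl kern.conftxt | grep SUIDDIR` shows whether the option was compiled in. Second, mount(8) describes suiddir as intended for file servers (ftp, Samba, netatalk) and as a security hole on machines with shell users, which is why the ownership transfer also strips the execute bits; it is not a drop-in replacement for the group-based setup the thread ends up with.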


----------



## SirDice (Sep 16, 2013)

Bugger. It seems the man page isn't clear enough. 

We have several different people administering websites. Each file is now owned by the person that put it there. I was hoping to use this to set it to a specific user ID. It seems I have to figure out a way of doing this with a group (I can't run a custom kernel).


----------



## fonz (Sep 16, 2013)

It is mentioned somewhere in chmod(2), which in turn is referred to in chmod(1).

And yes, what you want is a typical use of this feature.


----------

