bug-coreutils

bug#29069: info coreutils file permissions: improvements/bug-report


From: kalle
Subject: bug#29069: info coreutils file permissions: improvements/bug-report
Date: Wed, 08 Nov 2017 11:31:20 +0100
User-agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Icedove/31.2.0

hi,
the parts concerning 27.3 (numeric modes) have been put into a different
e-mail by me.



>On 2017-10-30 02:38 PM, kalle wrote:
>> here some improvement proposals/bug report on info coreutils file
>> permissions:
>>
>> -in my opinion it would be good to explain the general idea behind
>> the file permissions a bit more. what the issues are etc. Else one
>> doesn't really understand, what all the detailed fuss is about. -why
>> is running a file considered different from reading one? Fact is,
>> that this point underlies the concept of symbolic mode with its `rwx'. -

>There is a trade-off between being a full-blown unix tutorial and a
>manual for coreutils.

I thought that `man' does the short reference part and info was a bit
more detailed. The wiki.debian.org/Permissions-tutorial is even shorter
than this texinfo-document actually is and also doesn't motivate the
permission concept.

>There are many good tutorials and guides available in books and online,
>e.g. https://wiki.debian.org/Permissions .

IMO the advantage of texinfo is, that it is nearly always by the hand
and is a standard documentation. The disadvantage of the
debian-wiki-tutorial is, that it uses a debian-specific platform while
handling general content, thus unnecessarily wasting resources in form
of human time and restricting accessibility, in the sense that not all
GNU-users would look at this site.
It by the way has a wrong description about unsetting special mode bits
by doing e.g. `chmod '0755'' (see at "Case 4"), which I will correct as
soon as possible -> more users, less mistakes..

What do YOU think should be the character of an info-file?

>To make this discussion more concrete, it would help if you send
>specific patches for the paragraph you'd like to change, with suggested
>wording.

As it's about the motivation of the concept I would prefer to not help
out with a patch since I myself am a learner.

>> 27.1,end of the first section: add the sentence "They have a
>> different meaning, according to whether they are directories or not"

>Each relevant bullet point in that page ends with "... for Directories,
>this means [...]".

I think it is better to write this before the bullet points to make it
clear, that the concept of "read"/"write"/etc. is different whether it
is a regular file or a directory rather than you have to interpret
these terms differently according to whether the target file is a
regular file or a directory.



>> 27.2.4, part "or already had execute permission": had execute
>> permission for which user category? for the one in question or for any?

>Any category.

>The last sentence in that page says:
>"gives all users permission [...]  if anyone could execute them before".

yes, it says this, but it relates to the example `a+X', where also
_any_one would get executability.
my patch: Add "for anyone" to the sentence "already had execute permission".


>> -explain more fundamentally the relationship between file permission
>> rights and the rights of the corresponding directory , for example
>> regarding to deletion: who has the right to delete file /b/a? users
>> with writing permission on a AND those withrmission on b?

>I think this is a good suggestion (though perhaps not specific to
>coreutils).

Where else would be the place to write about this?

>We recently had a related discussion about that in 'sed',
>where users were surprised that "sed --inplace" can modify a read-only
>file.
>https://lists.gnu.org/archive/html/bug-sed/2017-06/msg00000.html

>Similarly on gawk:
>https://lists.gnu.org/archive/html/bug-gawk/2015-06/msg00000.html


>> 27.4: wouldn't it be better to talk about 'operators _in_ numeric
>> mode' rather than from an 'operator numeric mode', since "numeric
>> mode" is an attribute?

>(I'll leave this to native English speakers)

No native English speakers answering...


>>
>> -27.5: it is said, that "a command like `chmod' does not
>> affect the set-user-id, unless […] sets them in a numeric mode". But
>> also, the example states that `chmod 0755' or `mkdir -m 0755'
>> doesn't change set-user/group-id- bits.
>>
>> For me, this doesn't fit together, since the `0' in `0755' explicitly
>> sets all special mode bits to zero.

>There is some subtlety here, which perhaps can be explained better
>(patches are welcomed!).

>Setting (=turning on) sticky/setuid/setgid bits using the 4th octal
>digit works as expected (i.e. chmod 4775 DIR).

>In GNU's chmod(1), setting the 4th digit to zero *does not* clear those
>bits, it preserves them (i.e. does not change them if they are set).
>To clear them, one needs to specify *five* octal digits: 00755.

>This is explained in the second paragraph of section 27.5:
>"Therefore, a command like chmod does not affect the set-user-ID or
>set-group-ID bits of a directory unless the user specifically mentions
>them in a symbolic mode, or uses an operator numeric mode such as
>‘=755’, or sets them in a numeric mode, or clears them in a numeric mode
>that has **five or more** octal digits."
>https://www.gnu.org/software/coreutils/manual/html_node/Directory-Setuid-and-Setgid.html

"does not affect" should be replaced by "does not clear" (because chmod
does affect special mode bits when setting them), "mentions" replaced by
"clears", "or sets them in a numeric mode" has to be taken away (this is
what I wanted to tell by saying that 0755 is an explicit mentioning in
numeric mode -> because this shouldn't work, numeric mode shouldn't
work for clearing special mode bits).

>The last paragraph on said page also mentions:
>"The GNU behavior with numeric modes of four or fewer digits is
>intended for scripts portable to systems that preserve these bits; the
>behavior with numeric modes of five or more digits is for scripts
>portable to systems that do not preserve the bits."

I don't really understand this paragraph.

>The wording could also be improved in section "27.3 Numeric Modes",
>which only mentions this in passing:
>  "However, modes of five digits or more, such as ‘00055’,
>   are sometimes special. See Directory Setuid and Setgid."
>https://www.gnu.org/software/coreutils/manual/html_node/Numeric-Modes.html

My improvement proposal:
Modes of five digits or more, such as `00055', have a special meaning
for directories (see Directory Setuid and Setgid)

The sentence before, "mode `0055' is the same as `55'", is also not very
neat, since it doesn't explain why it is so and if it has something to
do with putting `0' in front when using the language `C'.


>> -27.5,last section, it says: "this behavior is a GNU extension".
>> Which behavior is meant?

>This refers to the preceding paragraph, dealing with "if you want to
>clear these bits".

I propose to replace "This behavior" by "This last behavior" to make it
clearer.


>The behavior differs from other systems (e.g. FreeBSD),
>where "chmod 0775" indeed clears the suid bit.

I think it should also be explained in chapter 27, what the default
permissions are, when creating a file etc. And also: who can change the
permissions, and how? There has to be at least a reference

In the menu 27, there is written about "ANDing" and "ORing". These terms
don't appear in the appropriate section, namely 27.4.

>> greetings, kalle

>Thank you for raising these issues.

>If you'd like to suggest better wordings, please do send patches
>(preferably one patch for each section/topic).

>I'm marking this as "not-a-bug", but keeping it open
>until we either improve these items or decide to keep them as-is.

>regards,
> - assaf
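
The difference between four-digit and five-digit numeric modes discussed in the message above can be observed directly on a scratch directory. This is an added example, not part of the original message or of coreutils; the function names are hypothetical, and the results stated in the comments assume GNU chmod.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from coreutils.
# The results stated below are GNU chmod's documented behaviour; other
# implementations (the thread mentions FreeBSD) may clear the bit on 0755.

# True if the chmod on PATH identifies itself as GNU coreutils.
is_gnu_chmod() {
    chmod --version 2>/dev/null | grep -q 'GNU coreutils'
}

# Print "set" or "clear" for the set-group-ID bit of path $1.
sgid_state() {
    if [ -g "$1" ]; then echo set; else echo clear; fi
}

# Create a scratch directory, turn setgid on, apply mode $1, report the bit.
sgid_after() {
    d=$(mktemp -d) || return 1
    chmod g+s "$d"      # symbolic mode: explicitly sets setgid
    chmod "$1" "$d"     # mode under test
    sgid_state "$d"
    rmdir "$d"
}

# Audit helper: list directories under $1 that carry setuid or setgid,
# i.e. the ones a four-digit "chmod 0755" would have left untouched.
find_special_dirs() {
    find "$1" -type d \( -perm -4000 -o -perm -2000 \) -print
}

# GNU chmod: 0755 -> set (preserved), 00755 -> clear, =755 -> clear
for m in 0755 00755 =755; do
    printf '%-6s setgid %s\n' "$m" "$(sgid_after "$m")"
done
```

Scripts that must end up with the bits cleared on a directory tree can run `find_special_dirs` afterwards to confirm that nothing was preserved.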




