unofficial mirror of emacs-devel@gnu.org 
 help / color / mirror / code / Atom feed
From: Stephen Gildea <stepheng+emacs@gildea.com>
To: emacs-devel@gnu.org
Subject: backup-by-copying-when-privileged-mismatch should apply to gid, too
Date: Fri, 20 Dec 2019 09:20:01 -0800	[thread overview]
Message-ID: <7452.1576862401@quatro> (raw)

[-- Attachment #1: Type: text/plain, Size: 417 bytes --]

I propose to have backup-by-copying-when-privileged-mismatch, which
preserves the ownership of files with low-uid owner (e.g., root-owned
system files), also preserve the ownership of files with low-gid group.

I think failing to look at the file's group was an oversight when we
implemented backup-by-copying-when-privileged-mismatch.  Are there any
objections to my fixing it now?

My proposed change is attached:


[-- Attachment #2: [PATCH] --]
[-- Type: text/plain, Size: 4875 bytes --]

From e7aad688807f89532b1e6f2d67e6589c9f740859 Mon Sep 17 00:00:00 2001
From: Stephen Gildea <stepheng+emacs@gildea.com>
Date: Fri, 20 Dec 2019 09:15:13 -0800
Subject: [PATCH] backup-by-copying-when-privileged-mismatch applies to file
 gid, too.

* lisp/files.el (backup-by-copying-when-privileged-mismatch):  In addition
to checking the file uid, a second test is added: if the file gid is not
greater than backup-by-copying-when-privileged-mismatch,
backup-by-copying-when-mismatch will also be forced on.

* doc/emacs/files.texi, doc/lispref/backups.texi: Updated documentation.

Also fixed a typo in the Emacs reference manual, changing "higher" to
"no greater" so that the limit is no longer documented reversed.
---
 doc/emacs/files.texi     |  5 +++--
 doc/lispref/backups.texi |  6 +++---
 etc/NEWS                 |  5 +++++
 lisp/files.el            | 15 +++++++++------
 4 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/lisp/files.el b/lisp/files.el
index a384e7136e..96f1e8d47e 100644
--- a/lisp/files.el
+++ b/lisp/files.el
@@ -134,10 +134,11 @@ backup-by-copying-when-mismatch
 (defcustom backup-by-copying-when-privileged-mismatch 200
   "Non-nil means create backups by copying to preserve a privileged owner.
 Renaming may still be used (subject to control of other variables)
-when it would not result in changing the owner of the file or if the owner
-has a user id greater than the value of this variable.  This is useful
-when low-numbered uid's are used for special system users (such as root)
-that must maintain ownership of certain files.
+when it would not result in changing the owner of the file or if the
+user id and group id of the file are both greater than the value of
+this variable.  This is useful when low-numbered uid's and gid's are
+used for special system users (such as root) that must maintain
+ownership of certain files.
 This variable is relevant only if `backup-by-copying' and
 `backup-by-copying-when-mismatch' are nil."
   :type '(choice (const nil) integer)
@@ -4634,8 +4635,10 @@ backup-buffer
 				      (let ((attr (file-attributes
 						   real-file-name
 						   'integer)))
-					(<= (file-attribute-user-id attr)
-					    copy-when-priv-mismatch))))
+                                        (or (<= (file-attribute-user-id attr)
+                                                copy-when-priv-mismatch)
+                                            (<= (file-attribute-group-id attr)
+                                                copy-when-priv-mismatch)))))
 			     (not (file-ownership-preserved-p real-file-name
 							      t)))))
 		   setmodes)
diff --git a/doc/emacs/files.texi b/doc/emacs/files.texi
index 7221edcc1b..f5dd408cc9 100644
--- a/doc/emacs/files.texi
+++ b/doc/emacs/files.texi
@@ -690,8 +690,9 @@ Backup Copying
 the file's owner or group, use copying.
 
 If you change @code{backup-by-copying-when-mismatch} to @code{nil},
-Emacs checks the numeric user-id of the file's owner.  If this is
-higher than @code{backup-by-copying-when-privileged-mismatch}, then it
+Emacs checks the numeric user-id of the file's owner and the numeric
+group-id of the file's group.  If either is
+no greater than @code{backup-by-copying-when-privileged-mismatch}, then it
 behaves as though @code{backup-by-copying-when-mismatch} is
 non-@code{nil} anyway.
 
diff --git a/doc/lispref/backups.texi b/doc/lispref/backups.texi
index 6a5b6d1661..c17d98eb19 100644
--- a/doc/lispref/backups.texi
+++ b/doc/lispref/backups.texi
@@ -232,11 +232,11 @@ Rename or Copy
 @defopt backup-by-copying-when-privileged-mismatch
 This variable, if non-@code{nil}, specifies the same behavior as
 @code{backup-by-copying-when-mismatch}, but only for certain user-id
-values: namely, those less than or equal to a certain number.  You set
-this variable to that number.
+and group-id values: namely, those less than or equal to a certain number.
+You set this variable to that number.
 
 Thus, if you set @code{backup-by-copying-when-privileged-mismatch}
-to 0, backup by copying is done for the superuser only,
+to 0, backup by copying is done for the superuser and group 0 only,
 when necessary to prevent a change in the owner of the file.
 
 The default is 200.
diff --git a/etc/NEWS b/etc/NEWS
index cf4e705a52..00ba11d94a 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -533,7 +533,11 @@ The HIST argument of 'read-from-minibuffer' now works correctly with
 buffer-local variables.  This means that different buffers can have
 their own separated input history list if desired.
 
+** 'backup-by-copying-when-privileged-mismatch' applies to file gid, too.
+In addition to checking the file owner uid, Emacs also checks that the
+group gid is not greater than backup-by-copying-when-privileged-mismatch;
+if so, backup-by-copying-when-mismatch will be forced on.
+
 \f
 * Editing Changes in Emacs 27.1
 
-- 
2.17.1


             reply	other threads:[~2019-12-20 17:20 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-20 17:20 Stephen Gildea [this message]
2019-12-21 18:53 ` backup-by-copying-when-privileged-mismatch should apply to gid, too Stephen Gildea
2019-12-21 19:31   ` Eli Zaretskii

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.gnu.org/software/emacs/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7452.1576862401@quatro \
    --to=stepheng+emacs@gildea.com \
    --cc=emacs-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).