From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stephen Gildea
Newsgroups: gmane.emacs.devel
Subject: backup-by-copying-when-privileged-mismatch should apply to gid, too
Date: Fri, 20 Dec 2019 09:20:01 -0800
Message-ID: <7452.1576862401@quatro>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
To: emacs-devel@gnu.org

--=-=-=
Content-Type: text/plain

I propose to have backup-by-copying-when-privileged-mismatch, which
preserves the ownership of files with low-uid owner (e.g., root-owned
system files), also preserve the ownership of files with low-gid group.

I think failing to look at the file's group was an oversight when we
implemented backup-by-copying-when-privileged-mismatch.

Are there any objections to my fixing it now?

My proposed change is attached:

--=-=-=
Content-Type: text/plain
Content-Disposition: inline; filename=0001-backup-by-copying-when-privileged-mismatch-applies-t.patch
Content-Description: [PATCH]

>From e7aad688807f89532b1e6f2d67e6589c9f740859 Mon Sep 17 00:00:00 2001
From: Stephen Gildea Date: Fri, 20 Dec 2019 09:15:13 -0800 Subject: [PATCH] backup-by-copying-when-privileged-mismatch applies to file gid, too. * lisp/files.el (backup-by-copying-when-privileged-mismatch): In addition to checking the file uid, a second test is added: if the file gid is not greater than backup-by-copying-when-privileged-mismatch, backup-by-copying-when-mismatch will also be forced on. * doc/emacs/files.texi, doc/lispref/backups.texi: Updated documentation. Also fixed a typo in the Emacs reference manual, changing "higher" to "no greater" so that the limit is no longer documented reversed. --- doc/emacs/files.texi | 5 +++-- doc/lispref/backups.texi | 6 +++--- etc/NEWS | 5 +++++ lisp/files.el | 15 +++++++++------ 4 files changed, 20 insertions(+), 11 deletions(-) diff --git a/lisp/files.el b/lisp/files.el index a384e7136e..96f1e8d47e 100644 --- a/lisp/files.el +++ b/lisp/files.el @@ -134,10 +134,11 @@ backup-by-copying-when-mismatch (defcustom backup-by-copying-when-privileged-mismatch 200 "Non-nil means create backups by copying to preserve a privileged owner. Renaming may still be used (subject to control of other variables) -when it would not result in changing the owner of the file or if the owner -has a user id greater than the value of this variable. This is useful -when low-numbered uid's are used for special system users (such as root) -that must maintain ownership of certain files. +when it would not result in changing the owner of the file or if the +user id and group id of the file are both greater than the value of +this variable. This is useful when low-numbered uid's and gid's are +used for special system users (such as root) that must maintain +ownership of certain files. This variable is relevant only if `backup-by-copying' and `backup-by-copying-when-mismatch' are nil." :type '(choice (const nil) integer) 
@@ -4634,8 +4635,10 @@ backup-buffer (let ((attr (file-attributes real-file-name 'integer))) - (<= (file-attribute-user-id attr) - copy-when-priv-mismatch)))) + (or (<= (file-attribute-user-id attr) + copy-when-priv-mismatch) + (<= (file-attribute-group-id attr) + copy-when-priv-mismatch))))) (not (file-ownership-preserved-p real-file-name t))))) setmodes) diff --git a/doc/emacs/files.texi b/doc/emacs/files.texi index 7221edcc1b..f5dd408cc9 100644 --- a/doc/emacs/files.texi +++ b/doc/emacs/files.texi @@ -690,8 +690,9 @@ Backup Copying the file's owner or group, use copying. If you change @code{backup-by-copying-when-mismatch} to @code{nil}, -Emacs checks the numeric user-id of the file's owner. If this is -higher than @code{backup-by-copying-when-privileged-mismatch}, then it +Emacs checks the numeric user-id of the file's owner and the numeric +group-id of the file's group. If either is +no greater than @code{backup-by-copying-when-privileged-mismatch}, then it behaves as though @code{backup-by-copying-when-mismatch} is non-@code{nil} anyway. diff --git a/doc/lispref/backups.texi b/doc/lispref/backups.texi index 6a5b6d1661..c17d98eb19 100644 --- a/doc/lispref/backups.texi +++ b/doc/lispref/backups.texi @@ -232,11 +232,11 @@ Rename or Copy @defopt backup-by-copying-when-privileged-mismatch This variable, if non-@code{nil}, specifies the same behavior as @code{backup-by-copying-when-mismatch}, but only for certain user-id -values: namely, those less than or equal to a certain number. You set -this variable to that number. +and group-id values: namely, those less than or equal to a certain number. +You set this variable to that number. Thus, if you set @code{backup-by-copying-when-privileged-mismatch} -to 0, backup by copying is done for the superuser only, +to 0, backup by copying is done for the superuser and group 0 only, when necessary to prevent a change in the owner of the file. The default is 200. 
diff --git a/etc/NEWS b/etc/NEWS index cf4e705a52..00ba11d94a 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -533,7 +533,11 @@ The HIST argument of 'read-from-minibuffer' now works correctly with buffer-local variables. This means that different buffers can have their own separated input history list if desired. +** 'backup-by-copying-when-privileged-mismatch' applies to file gid, too. +In addition to checking the file owner uid, Emacs also checks that the +group gid is not greater than backup-by-copying-when-privileged-mismatch; +if so, backup-by-copying-when-mismatch will be forced on. + * Editing Changes in Emacs 27.1 -- 2.17.1 --=-=-=--
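
Review bot: In the lisp/files.el docstring hunk for backup-by-copying-when-privileged-mismatch, the unchanged summary line still reads "create backups by copying to preserve a privileged owner" and the rewritten paragraph ends with "special system users (such as root) that must maintain ownership", so the docstring never states that a low-numbered group on its own now forces copying. Suggest "to preserve a privileged owner or group" in the summary line and "special system users and groups" in the last sentence, so the text matches the new `or` test in backup-buffer.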
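
Review bot: In the backup-buffer hunk, the added (<= (file-attribute-group-id attr) copy-when-priv-mismatch) compares the gid against the same integer as the uid, so a value chosen for a site's uid range (200 by default, per the defcustom in the first hunk) now also decides which groups count as privileged, and the two cannot be tuned apart. If that coupling is intended, state it in the docstring; otherwise consider a separate limit for gids. The diffstat also lists only the two manuals, etc/NEWS and lisp/files.el, so the new branch lands without a test.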
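
Review bot: In the doc/lispref/backups.texi hunk, the unchanged context line after "the superuser and group 0 only," still says "when necessary to prevent a change in the owner of the file", which no longer covers the case this patch adds. Since backup-buffer calls (file-ownership-preserved-p real-file-name t), that is, with the group included, suggest "a change in the owner or group of the file".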
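
Review bot: In the etc/NEWS hunk, the new entry has no documentation-status marker line before its "**" heading; because this patch updates both manuals, it should carry the "+++" marker that NEWS uses for entries whose documentation has been updated. The body is also worded ambiguously ("checks that the group gid is not greater than ...; if so"); something like "if the file's gid is not greater than 'backup-by-copying-when-privileged-mismatch', 'backup-by-copying-when-mismatch' is forced on" reads more directly and quotes the variable names the same way the heading does.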