Date: Tue, 29 Sep 2020 18:35:44 +0200
From: Wolf
To: Winston Weinert
Cc: ~alpine/users@lists.alpinelinux.org
Subject: Re: umask 0022 creating directories with setgid?

Hello,

On 2020-09-26 13:44:57 -0500, Winston Weinert wrote:
> On some of my alpine boxes setting the umask to 0077 and subsequently running
> mkdir creates a directory with permissions 2700. Has anybody noticed this
> strange behavior?

I think this is in general caused by busybox's adduser setting the sticky bit
on the home directory:

	+ $ podman run -it --rm alpine sh -c '
		adduser -D x
		ls -al /home
		su - x -c "mkdir a"
		su - x -c "umask 0077 && mkdir b"
		ls -al /home/x
	'
	total 0
	drwxr-xr-x 1 root root 2 Sep 29 16:28 .
	drwxr-xr-x 1 root root 114 Sep 29 16:26 ..
	drwxr-sr-x 1 x x 0 Sep 29 16:28 x
	total 0
	drwxr-sr-x 1 x x 4 Sep 29 16:28 .
	drwxr-xr-x 1 root root 2 Sep 29 16:28 ..
	drwxr-sr-x 1 x x 0 Sep 29 16:28 a
	drwx--S--- 1 x x 0 Sep 29 16:28 b

Notice that /home/x already has the bit set. As for the why S is there even if
it all should be 0 bits, from info page of ls:

	But ‘ls’ combines multiple bits into the third character of each set of
	permissions as follows:

	‘s’
	     If the set-user-ID or set-group-ID bit and the corresponding
	     executable bit are both set.

	‘S’
	     If the set-user-ID or set-group-ID bit is set but the
	     corresponding executable bit is not set.

So resetting the sgid bit on the home directory should get you the behavior you
seem to look for.

W.

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
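
The setgid inheritance shown in the message above, reproduced in a scratch directory and then cleared. This is an added example, not part of the original message; the function names are hypothetical, the scratch directory is a constructed stand-in for /home/x, and it assumes Linux with a stat that supports -c (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example: mkdir copies the setgid bit from the parent directory no
# matter what the umask is, so the fix is to clear the bit on the parent.

# Print the octal mode of a path, e.g. 2700 or 700.
mode_of() { stat -c '%a' "$1"; }

# Create directory $2 inside $1 under umask 0077 and print its mode.
# The subshell body keeps the umask change local to this call.
mkdir_private() (
    umask 0077
    mkdir "$1/$2" && mode_of "$1/$2"
)

# List directories at or below $1 that still carry the setgid bit.
list_setgid_dirs() { find "$1" -type d -perm -2000 | sort; }

# Clear setgid from $1 and every directory below it. Symbolic g-s is used
# on purpose: GNU chmod leaves setgid on a directory untouched when given
# a plain numeric mode such as 755.
clear_setgid() { find "$1" -type d -perm -2000 -exec chmod g-s {} +; }

demo() {
    home=$(mktemp -d) || return 1        # constructed stand-in for /home/x
    chmod 2755 "$home"                   # state seen in the thread: drwxr-sr-x
    before=$(mkdir_private "$home" b)    # inherits setgid from the parent
    clear_setgid "$home"                 # also fixes b, created earlier
    after=$(mkdir_private "$home" c)     # parent no longer has the bit
    left=$(list_setgid_dirs "$home" | wc -l | tr -d ' ')
    rm -rf "$home"
    echo "before=$before after=$after remaining_setgid_dirs=$left"
}

demo
```

Clearing the bit only on the home directory leaves it on subdirectories created earlier, which is why clear_setgid walks the whole tree.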