keep SGID when file is non-group-executable (#773)

a101f145 · Davies Liu · GitHub · cd901081 · a101f145 · a101f145
隐藏空白更改
内联并排

Showing with 25 addition and 12 deletion

pkg/meta/redis.go pkg/meta/redis.go +8 -3

pkg/meta/redis_test.go pkg/meta/redis_test.go +1 -3

pkg/meta/sql.go pkg/meta/sql.go +8 -3

pkg/meta/tkv.go pkg/meta/tkv.go +8 -3

未找到文件。
--- a/pkg/meta/redis.go
+++ b/pkg/meta/redis.go
@@ -1127,11 +1127,16 @@ func (r *redisMeta) SetAttr(ctx Context, inode Ino, set uint16, sugidclearmode u
 		}
 		var changed bool
 		if (cur.Mode&06000) != 0 && (set&(SetAttrUID|SetAttrGID)) != 0 {
-			if cur.Mode&01777 != cur.Mode {
+			if ctx.Uid() != 0 || (cur.Mode>>3)&1 != 0 {
+				// clear SUID and SGID
 				cur.Mode &= 01777
-				changed = true
+				attr.Mode &= 01777
+			} else {
+				// keep SGID if the file is non-group-executable
+				cur.Mode &= 03777
+				attr.Mode &= 03777
 			}
-			attr.Mode &= 01777
+			changed = true
 		}
 		if set&SetAttrUID != 0 && cur.Uid != attr.Uid {
 			cur.Uid = attr.Uid

--- a/pkg/meta/redis_test.go
+++ b/pkg/meta/redis_test.go
@@ -122,13 +122,11 @@ func testMetaClient(t *testing.T, m Meta) {
 	}
 	// check owner permission
 	var p1, c1 Ino
-	if st := m.Mkdir(ctx2, 1, "d1", 02777, 022, 0, &p1, attr); st != 0 {
+	if st := m.Mkdir(ctx2, 1, "d1", 02766, 022, 0, &p1, attr); st != 0 {
 		t.Fatalf("mkdir d1: %s", st)
 	}
 	attr.Gid = 1
 	m.SetAttr(ctx, p1, SetAttrGID, 0, attr)
-	attr.Mode |= 02000
-	m.SetAttr(ctx, p1, SetAttrMode, 0, attr)
 	if attr.Mode&02000 == 0 {
 		t.Fatalf("SGID is lost")
 	}

--- a/pkg/meta/sql.go
+++ b/pkg/meta/sql.go
@@ -784,11 +784,16 @@ func (m *dbMeta) SetAttr(ctx Context, inode Ino, set uint16, sugidclearmode uint
 		}
 		var changed bool
 		if (cur.Mode&06000) != 0 && (set&(SetAttrUID|SetAttrGID)) != 0 {
-			if cur.Mode&01777 != cur.Mode {
+			if ctx.Uid() != 0 || (cur.Mode>>3)&1 != 0 {
+				// clear SUID and SGID
 				cur.Mode &= 01777
-				changed = true
+				attr.Mode &= 01777
+			} else {
+				// keep SGID if the file is non-group-executable
+				cur.Mode &= 03777
+				attr.Mode &= 03777
 			}
-			attr.Mode &= 01777
+			changed = true
 		}
 		if set&SetAttrUID != 0 && cur.Uid != attr.Uid {
 			cur.Uid = attr.Uid

--- a/pkg/meta/tkv.go
+++ b/pkg/meta/tkv.go
@@ -979,11 +979,16 @@ func (m *kvMeta) SetAttr(ctx Context, inode Ino, set uint16, sugidclearmode uint
 		}
 		var changed bool
 		if (cur.Mode&06000) != 0 && (set&(SetAttrUID|SetAttrGID)) != 0 {
-			if cur.Mode&01777 != cur.Mode {
+			if ctx.Uid() != 0 || (cur.Mode>>3)&1 != 0 {
+				// clear SUID and SGID
 				cur.Mode &= 01777
-				changed = true
+				attr.Mode &= 01777
+			} else {
+				// keep SGID if the file is non-group-executable
+				cur.Mode &= 03777
+				attr.Mode &= 03777
 			}
-			attr.Mode &= 01777
+			changed = true
 		}
 		if set&SetAttrUID != 0 && cur.Uid != attr.Uid {
 			cur.Uid = attr.Uid