Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

File Mode issue when using setuid bits #392

Closed
mjmjelde opened this issue Nov 4, 2021 · 2 comments · Fixed by #395
Closed

File Mode issue when using setuid bits #392

mjmjelde opened this issue Nov 4, 2021 · 2 comments · Fixed by #395

Comments

@mjmjelde
Copy link

mjmjelde commented Nov 4, 2021

Howdy,

I have created an application that requires the setuid bit to be on one of the executable. However, when I have a custom file_info mode set with the setuid bit set, it does not actually get properly set in the deb or rpm package that is created. In fact, some weird permissions appear for the file in the deb package and the rpm package is not even able to install.

This is what I have in my nfpm.yaml file:

contents:
  - src: dist/myexec
    dst: /usr/local/bin/myexec
    file_info:
      mode: 4555
      owner: root
      group: root

But this is what permission actually show up in the package:

root@0db5c89952b8:/# ls -la /usr/local/bin/myexec
-rwx--x-wx. 1 root root 50326500 Nov  4 16:01 /usr/local/bin/myexec
@erikgeiser
Copy link
Member

erikgeiser commented Nov 4, 2021

You specified the file mode in decimal instead of octal which would be 04555. However, you still discovered a bug in the deb and apk packagers. The rpm packager does produce a file with suid bit when the mode is specified in octal, though.

The reason for the wrong behavior in the deb and apk packagers is that we use tar.FileInfoHeader which sets the mode to int64((*files.Content).Mode().Perm()) and the call to Perm() masks the suid bit with mode & ModePerm and ModePerm is 0777. We'll have to fix this by populating the tar header ourselves or by fixing the mode after calling tar.FileInfoHeader.

@erikgeiser
Copy link
Member

See #395.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 6, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants