author    julian <julian@FreeBSD.org>  1997-11-13 00:28:51 +0000
committer julian <julian@FreeBSD.org>  1997-11-13 00:28:51 +0000
commit    c931d11d3fc12ba491ad39463aa11df49dc1f688 (patch)
tree      731c9e2cfdec42868e147077d821a150139c2303 /lib
parent    68d89b19d4172e0605feb73e4248bc41aec9a5f9 (diff)
download  FreeBSD-src-c931d11d3fc12ba491ad39463aa11df49dc1f688.zip
          FreeBSD-src-c931d11d3fc12ba491ad39463aa11df49dc1f688.tar.gz
Reviewed by: hackers@freebsd.org in general
Obtained from: Whistle Communications tree

Add an option to the way UFS works dependent on the SUID bit of directories.
This change makes things a whole lot simpler on systems running as
fileservers for PCs and Macs. To enable the new code you must
1/ enable option SUIDDIR on the kernel.
2/ mount the filesystem with option suiddir.
Hopefully this makes it difficult enough for people to do this accidentally.
See the new chmod(2) man page for detailed info.
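The ownership rule that the commit message and the new chmod.2 text describe, as an added worked example for this page (it is not FreeBSD's UFS code): a small C function that takes the kernel build option, the mount flag, the parent directory's owner and mode, and the creating process's credentials, and returns the owner, group and mode the new node would end up with. The function name `suiddir_new_node`, the `struct new_node` type, the "creator already owns the directory" shortcut and the decision to keep search bits on new directories are assumptions made here, not statements from the page.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Owner, group and permission bits a newly created inode receives. */
struct new_node {
    uid_t uid;
    gid_t gid;
    mode_t mode;
};

/*
 * Illustrative model (written for this page, not the UFS implementation)
 * of the documented SUIDDIR rule: with the kernel built with option SUIDDIR
 * and the filesystem mounted with MNT_SUIDDIR, a new node created in a
 * directory whose set-user-ID bit is set is owned by the directory's owner,
 * execute bits are stripped from files, ownership is never handed to root,
 * and the group is left alone.  New directories inherit the bit.
 */
struct new_node
suiddir_new_node(bool kernel_suiddir, bool mnt_suiddir,
                 uid_t dir_uid, mode_t dir_mode,
                 uid_t cred_uid, gid_t cred_gid,
                 mode_t req_mode, bool is_dir)
{
    /* Default: the creator owns the node, as on any other mount. */
    struct new_node n = { cred_uid, cred_gid, req_mode };

    /* Both the kernel option and the mount option must be present. */
    if (!kernel_suiddir || !mnt_suiddir)
        return n;
    /* Only a parent directory carrying the set-user-ID bit transfers ownership. */
    if ((dir_mode & S_ISUID) == 0)
        return n;
    /* Ownership is never given to root (uid 0). */
    if (dir_uid == 0)
        return n;
    /* Assumption: if the creator already owns the directory nothing changes. */
    if (dir_uid == cred_uid)
        return n;

    n.uid = dir_uid;   /* owner follows the directory; n.gid stays cred_gid */
    if (is_dir) {
        /* New directories inherit the bit; search (x) bits are kept (assumption). */
        n.mode = req_mode | S_ISUID;
    } else {
        /* Execute bits are removed from files handed to another owner. */
        n.mode = req_mode & ~(mode_t)(S_IXUSR | S_IXGRP | S_IXOTH);
    }
    return n;
}

int main(void)
{
    /* Constructed scenario: uid 1002 creates a 0755 file in uid 1001's 04775 directory. */
    struct new_node f = suiddir_new_node(true, true, 1001, 04775, 1002, 100, 0755, false);
    printf("file  -> uid %u gid %u mode %04o\n", (unsigned)f.uid, (unsigned)f.gid, (unsigned)f.mode);
    struct new_node d = suiddir_new_node(true, true, 1001, 04775, 1002, 100, 0755, true);
    printf("dir   -> uid %u gid %u mode %04o\n", (unsigned)d.uid, (unsigned)d.gid, (unsigned)d.mode);
    return 0;
}
```

Each early return corresponds to one condition the man page text names; flipping any single input in the sample scenario (drop the kernel option, drop the mount flag, clear the directory's set-UID bit, or make root the directory owner) falls back to ordinary creator ownership.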
Diffstat (limited to 'lib')
-rw-r--r--  lib/libc/sys/chmod.2  21
-rw-r--r--  lib/libc/sys/mount.2  12
2 files changed, 32 insertions, 1 deletions
diff --git a/lib/libc/sys/chmod.2 b/lib/libc/sys/chmod.2
index d573bfd8..d4ba0cb 100644
--- a/lib/libc/sys/chmod.2
+++ b/lib/libc/sys/chmod.2
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)chmod.2 8.1 (Berkeley) 6/4/93
-.\" $Id: chmod.2,v 1.9 1997/03/21 20:57:18 mpp Exp $
+.\" $Id: chmod.2,v 1.10 1997/08/17 00:19:28 steve Exp $
.\"
.Dd June 4, 1993
.Dt CHMOD 2
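Review bot: the only change in this hunk is the $Id keyword, and the new value (revision 1.10, dated 1997/08/17, by steve) predates this commit's own 1997-11-13 date, so it is an expansion carried over from the tree the change was obtained from rather than from this repository; drop the keyword change from the patch and let CVS expand $Id on commit.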
@@ -112,6 +112,25 @@ permissions.
For more details of the properties of the sticky bit, see
.Xr sticky 8 .
.Pp
+If mode ISUID (set UID) is set on a directory,
+and the MNT_SUIDDIR option was used in the mount of the filesystem,
+then the owner of any new files and sub-directories
+created within this directory are set
+to be the same as the owner of that directory.
+If this function is enabled, new directories will inherit
+the bit from their parents. Execute bits are removed from
+the file, and it will not be given to root. This behaviour does not change the
+requirements for the user to be allowed to write the file, but only the eventual
+owner after it has been created. Group inheritance is not effected.
+.Pp
+This feature is designed for use on fileservers serving PC users via
+ftp, SAMBA, or netatalk. It provides security holes for shell users and as
+such should not be used on shell machines, especially on home directories.
+This option requires the SUIDDIR
+option in the kernel to work. Only UFS filesystems support this option.
+For more details of the suiddir mount option, see
+.Xr mount 8 .
+.Pp
Writing or changing the owner of a file
turns off the set-user-id and set-group-id bits
unless the user is the super-user.
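Review bot: the warning "It provides security holes for shell users" does not say what the hole is; spell it out from the rule stated just above: any user who can write to a set-UID directory produces files owned by the directory's owner, so that owner ends up owning content they did not create, and the execute-bit stripping is the only thing keeping that from yielding executables owned by another user, which is why shell machines and home directories are excluded. Smaller fixes in the same text: "Group inheritance is not effected" should read "affected"; "the owner of any new files and sub-directories ... are set" should read "is set"; "it will not be given to root" is clearer as "if the directory is owned by root, ownership is not transferred"; and since MNT_SUIDDIR is documented in mount(2) (the other file in this change), cross-reference ".Xr mount 2" alongside ".Xr mount 8".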
diff --git a/lib/libc/sys/mount.2 b/lib/libc/sys/mount.2
index d1199c2..25a2d8c 100644
--- a/lib/libc/sys/mount.2
+++ b/lib/libc/sys/mount.2
@@ -89,6 +89,8 @@ Do not honor setuid or setgid bits on files when executing them.
Disable update of file access times.
.It Dv MNT_NODEV
Do not interpret special files on the filesystem.
+.It Dv MNT_SUIDDIR
+Directories with the SUID bit set chown new files to their own owner.
.It Dv MNT_SYNCHRONOUS
All I/O to the filesystem should be done synchronously.
.It Dv MNT_ASYNC
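Review bot: "Directories with the SUID bit set chown new files to their own owner" is ambiguous, as "their own owner" can be read as the file's creator; suggest "New files created in a directory whose set-user-ID bit is set are owned by the directory's owner." Since this flag does nothing unless the kernel was built with SUIDDIR and, per the chmod.2 hunk, only UFS supports it, a short qualifier here would stop readers from assuming the list entry alone enables the behaviour.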
@@ -153,6 +155,16 @@ even if files are still active.
Active special devices continue to work,
but any further accesses to any other active files result in errors
even if the filesystem is later remounted.
+.Pp
+The
+.Dv MNT_SUIDDIR
+option requires the SUIDDIR option to have been compiled into the kernel
+to have any effect.
+See the
+.Xr mount 8
+and
+.Xr chmod 2
+pages for more information.
.Sh RETURN VALUES
The
.Fn mount
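Review bot: "requires the SUIDDIR option to have been compiled into the kernel to have any effect" stacks two "to have" clauses; suggest "has no effect unless the kernel was compiled with options SUIDDIR". The paragraph also omits that only UFS honours the option, which the chmod.2 hunk states, and it should name the mount(8) option string that maps to MNT_SUIDDIR ("suiddir", per the commit message) so that readers of the system-call page can find the corresponding mount flag.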