setfacl: changing owner and when S_ISUID should be set --restore fix

Fix a problem in setfacl --restore when the owner or group is changed
and the S_ISUID and S_ISGID are to be set.

The root of the problem is that chown() can clear the S_ISUID and
S_ISGID bits as described in chown(2):

 When  the  owner  or  group of an executable file are changed by a
 non- superuser, the S_ISUID and S_ISGID mode bits are cleared.   POSIX
 does not specify whether this also should happen when root does the
 chown(); the Linux behavior depends on the kernel version.  In case  of
 a  non- group-executable  file (i.e., one for which the S_IXGRP bit is
 not set) the S_ISGID bit indicates mandatory locking, and is not
 cleared  by  a chown().

To fix the issue re-stat() the file after chown() so that the logic
surrounding the chmod() has the updated mode of the file.

Signed-off-by: Brandon Philips <bphilips@suse.de>

1 files changed, 23 insertions, 0 deletions

diff --git a/test/root/restore.test b/test/root/restore.test
new file mode 100644
index 0000000..6003cd4
--- /dev/null
+++ b/test/root/restore.test
@@ -0,0 +1,23 @@
+Ensure setuid bit is restored when the owner changes
+ https://bugzilla.redhat.com/show_bug.cgi?id=467936#c7
+
+	$ touch passwd
+	$ chmod 755 passwd
+	$ chmod u+s passwd
+	$ getfacl passwd > passwd.acl
+	$ cat passwd.acl
+	> # file: passwd
+	> # owner: root
+	> # group: root
+	> # flags: s--
+	> user::rwx
+	> group::r-x
+	> other::r-x
+	>
+	$ chown bin passwd
+	$ chmod u+s passwd
+	$ setfacl --restore passwd.acl
+	$ ls -dl passwd | awk '{print $1 " " $3 " " $4}'
+	> -rwsr-xr-x root root
+
+	$ rm passwd passwd.acl