Subject: Re: kern/4662: chown(2) removes SUID/SGID bits
To: None <windsor@warthog.com>
From: Todd Vierling <tv@pobox.com>
List: netbsd-bugs
Date: 12/10/1997 08:46:26

On Tue, 9 Dec 1997 windsor@warthog.com wrote:

: 	chown(2) automatically strips suid/sgid bits.  It doesn't need to,
: 	even to follow the POSIX specifications.  This is "new behavior"
: 	that is not consistent with other versions of unix (caveat: linux).

It's "old behavior" that dates back probably before even I was born.  (Well,
not that far, but a long, long time.  4.1 or 4.2BSD, at the very least.)

Solaris exhibits this behavior (except when chown/chgrp is being done as
root).  It clears _both_ set-id bits when a user other than root changes
group of a file (or owner, if POSIX_CHOWN_RESTRICTED has been turned off). 

SunOS 4.1.x exhibits this behavior, for both root and regular users.

That's all I can verify off-hand, and I do firmly believe that this safety
precaution is a Good Thing.  Linux is the glaring exception, if what you say
about them is true, and their behavior is therefore "new". 

This _is_ POSIX, for non-root users, and is common practice for root.  I'll
quote from IEEE STD 1003.1-1990, page 107: (Thank you Lucent for having
POSIX books in your library!  :) 

=====

5.6.5.1 Synopsis

#include <sys/types.h>

int chown(const char *path, uid_t owner, gid_t group);

5.6.5.2 Description

The path argument points to a pathname naming a file.  The user ID and group
ID of the named file are set to the numeric values contained in owner and
group respectively. 

.....

If the path argument refers to a regular file, the set-user-ID (S_ISUID) and
set-group-ID (S_ISGID) bits of the file mode shall be cleared upon
successful return from chown(), unless the call is made by a process with
appropriate privileges [NetBSD note: root], in which case it is
implementation defined whether those bits are altered.  If the chown() 
function is successfully invoked on a file that is not a regular file, these
bits may be cleared..... 

=====
== Todd Vierling (Personal tv@pobox.com; Business tv@lucent.com)
== Vierling's Axiom: The revolution won't be televised; it will be posted.
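
A way to check what a particular system does with the set-id bits on chown, as an added example that is not part of the original message or of NetBSD's code. The function name `probe_chown_setid` and the scratch path under `/tmp` are assumptions made for this sketch.

```c
/* Added example: probe whether chown clears S_ISUID/S_ISGID on this system. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SETID_BITS ((mode_t)(S_ISUID | S_ISGID))

/* Returns 0 on success and stores the set-id bits seen before and after
 * the ownership change; returns -1 if any step fails. */
int probe_chown_setid(mode_t *before, mode_t *after)
{
    char path[] = "/tmp/chown_probe_XXXXXX";   /* assumed scratch location */
    struct stat st;
    int rc = -1;
    int fd = mkstemp(path);                     /* empty regular file */
    if (fd < 0)
        return -1;

    /* Executable by owner and group, with both set-id bits requested. */
    if (fchmod(fd, S_ISUID | S_ISGID | 0750) != 0 || fstat(fd, &st) != 0)
        goto out;
    *before = st.st_mode & SETID_BITS;

    /* Leave the owner alone (-1) and set the group to our effective gid,
     * which the owner of a file may do without special privileges. */
    if (fchown(fd, (uid_t)-1, getegid()) != 0 || fstat(fd, &st) != 0)
        goto out;
    *after = st.st_mode & SETID_BITS;
    rc = 0;
out:
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    mode_t before, after;
    if (probe_chown_setid(&before, &after) != 0) {
        perror("probe_chown_setid");
        return 1;
    }
    printf("caller is %s\n", geteuid() == 0 ? "root" : "unprivileged");
    printf("set-id bits before chown: %04o\n", (unsigned)before);
    printf("set-id bits after  chown: %04o\n", (unsigned)after);
    return 0;
}
```

Under the POSIX text quoted above, an unprivileged caller should see the bits cleared after the call; when run as root the result is implementation defined, so compare both runs.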