internal/exec/util/file: correctly set ownership and permissions

prestist · prestist · commit ab57b8b833d1 · 2025-04-16T17:04:06.000-04:00
fixes: #2042
diff --git a/internal/exec/util/file.go b/internal/exec/util/file.go
@@ -151,20 +151,22 @@ func (u Util) WriteLink(s types.Link) error {
 }
 
 func (u Util) SetPermissions(mode *int, node types.Node) error {
-	if mode != nil {
-		if err := os.Chmod(node.Path, ToFileMode(*mode)); err != nil {
-			return fmt.Errorf("failed to change mode of %s: %v", node.Path, err)
-		}
-	}
-
+	// Set ownership and then permissions, https://man7.org/linux/man-pages/man2/lchown.2.html
+	// "... When the owner or group of an executable file is changed by an
+	// unprivileged user, the S_ISUID and S_ISGID mode bits are cleared..."
 	defaultUid, defaultGid, _ := getFileOwnerAndMode(node.Path)
 	uid, gid, err := u.ResolveNodeUidAndGid(node, defaultUid, defaultGid)
-	if err != nil {
-		return fmt.Errorf("failed to determine correct uid and gid for %s: %v", node.Path, err)
-	}
 	if err := os.Lchown(node.Path, uid, gid); err != nil {
 		return fmt.Errorf("failed to change ownership of %s: %v", node.Path, err)
 	}
+	if mode != nil {
+		if err != nil {
+			return fmt.Errorf("failed to determine correct uid and gid for %s: %v", node.Path, err)
+		}
+		if err := os.Chmod(node.Path, ToFileMode(*mode)); err != nil {
+			return fmt.Errorf("failed to change mode of %s: %v", node.Path, err)
+		}
+	}
 	return nil
 }
 
