cannot setuid and setgid files via ignition #2042

Open
@bexelbie

Bug

Operating System Version

Reproduced on Flatcar and Fedora CoreOS

Ignition Version

Environment

BareMetal and Azure

Expected Behavior

Files setgid and setuid

Actual Behavior

Files not setgid or setuid

Reproduction Steps

Flatcar:

$ ls -l /opt/setuid-setgid-test/
total 97632
-rwxr-xr-x. 1 op op 24990551 Mar 16 16:49 normal
-rwxr-xr-x. 1 op op 24990551 Mar 16 16:49 setgid
-rwxr-xr-x. 1 op op 24990551 Mar 16 16:49 setuid
-rwxr-xr-x. 1 op op 24990551 Mar 16 16:49 setuid+setgid

Using:

variant: flatcar
version: 1.1.0

passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1N+xhi9y/rHURF3P0c6TiEGizwFnTBKH5GbQI46uyb
    - name: op
      ssh_authorized_keys:
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1N+xhi9y/rHURF3P0c6TiEGizwFnTBKH5GbQI46uyb

storage:
  files:
    - path: /opt/setuid-setgid-test/setuid+setgid
      mode: 06755 # Set UID and GID
      user:
        name: op
      group:
        name: op
      contents:
        source: https://github.com/bexelbie/op-secret-manager/releases/latest/download/op-secret-manager-linux-amd64
    - path: /opt/setuid-setgid-test/setgid
      mode: 02755
      user:
        name: op
      group:
        name: op
      contents:
        source: https://github.com/bexelbie/op-secret-manager/releases/latest/download/op-secret-manager-linux-amd64
    - path: /opt/setuid-setgid-test/setuid
      mode: 04755
      user:
        name: op
      group:
        name: op
      contents:
        source: https://github.com/bexelbie/op-secret-manager/releases/latest/download/op-secret-manager-linux-amd64
    - path: /opt/setuid-setgid-test/normal
      mode: 0755
      user:
        name: op
      group:
        name: op
      contents:
        source: https://github.com/bexelbie/op-secret-manager/releases/latest/download/op-secret-manager-linux-amd64

Fedora CoreOS:

core@localhost:~$ stat /opt/setuid-setgid-test/setuid+setgid
  File: /opt/setuid-setgid-test/setuid+setgid
  Size: 24990551  	Blocks: 48816      IO Block: 4096   regular file
Device: 252,4	Inode: 29360257    Links: 1
Access: (0755/-rwxr-xr-x)  Uid: ( 1001/      op)   Gid: ( 1001/      op)
Context: system_u:object_r:var_t:s0
Access: 2025-03-20 09:20:34.188000000 +0000
Modify: 2025-03-20 09:20:36.847000000 +0000
Change: 2025-03-20 09:20:43.430000000 +0000
 Birth: 2025-03-20 09:20:34.188000000 +0000
core@localhost:~$ cat /etc/os-release
NAME="Fedora Linux"
VERSION="41.20250302.3.2 (CoreOS)"
RELEASE_TYPE=stable
ID=fedora
VERSION_ID=41
VERSION_CODENAME=""
PLATFORM_ID="platform:f41"
PRETTY_NAME="Fedora CoreOS 41.20250302.3.2"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:41"
HOME_URL="https://getfedora.org/coreos/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora-coreos/"
SUPPORT_URL="https://github.com/coreos/fedora-coreos-tracker/"
BUG_REPORT_URL="https://github.com/coreos/fedora-coreos-tracker/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=41
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=41
SUPPORT_END=2025-12-15
VARIANT="CoreOS"
VARIANT_ID=coreos
OSTREE_VERSION='41.20250302.3.2'

Using:

variant: fcos
version: 1.6.0

passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - ssh-rsa <public key and comment elided>
    - name: op
      ssh_authorized_keys:
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1N+xhi9y/rHURF3P0c6TiEGizwFnTBKH5GbQI46uyb

storage:
  files:
    - path: /opt/setuid-setgid-test/setuid+setgid
      mode: 06755 # Set UID and GID
      user:
        name: op
      group:
        name: op
      contents:
        source: https://github.com/bexelbie/op-secret-manager/releases/latest/download/op-secret-manager-linux-amd64
    - path: /opt/setuid-setgid-test/setgid
      mode: 02755
      user:
        name: op
      group:
        name: op
      contents:
        source: https://github.com/bexelbie/op-secret-manager/releases/latest/download/op-secret-manager-linux-amd64
    - path: /opt/setuid-setgid-test/setuid
      mode: 04755
      user:
        name: op
      group:
        name: op
      contents:
        source: https://github.com/bexelbie/op-secret-manager/releases/latest/download/op-secret-manager-linux-amd64
    - path: /opt/setuid-setgid-test/normal
      mode: 0755
      user:
        name: op
      group:
        name: op
      contents:
        source: https://github.com/bexelbie/op-secret-manager/releases/latest/download/op-secret-manager-linux-amd64

Other Information

See also flatcar/Flatcar#1688
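
A check for the symptom reported above, as an added example that is not part of the original report or of Ignition: it parses the mode field of `ls -l` output and lists the setuid/setgid/sticky bits the config requested but the file lacks. The function names are hypothetical; the expected modes and the sample lines are copied from the report.

```python
import stat

# Expected modes (Butane config) and `ls -l` lines (Flatcar run), both copied from the report.
EXPECTED = {"setuid+setgid": 0o6755, "setgid": 0o2755, "setuid": 0o4755, "normal": 0o755}
LS_OUTPUT = """\
-rwxr-xr-x. 1 op op 24990551 Mar 16 16:49 normal
-rwxr-xr-x. 1 op op 24990551 Mar 16 16:49 setgid
-rwxr-xr-x. 1 op op 24990551 Mar 16 16:49 setuid
-rwxr-xr-x. 1 op op 24990551 Mar 16 16:49 setuid+setgid
"""
SPECIAL = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"))


def parse_symbolic_mode(field):
    """Convert an ls-style mode field such as '-rwsr-sr-x.' to permission bits."""
    perms = field[1:10]  # skip the file-type char; ignore a trailing '.' or '+'
    if len(perms) != 9:
        raise ValueError(f"not an ls mode field: {field!r}")
    mode = 0
    for i, ch in enumerate(perms):
        bit = 0o400 >> i
        if ch == "rwx"[i % 3]:
            mode |= bit
        elif i % 3 == 2 and ch in ("tT" if i == 8 else "sS"):
            # s/t = special bit with execute, S/T = special bit without execute
            mode |= SPECIAL[i // 3][0] | (bit if ch.islower() else 0)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} in mode field {field!r}")
    return mode


def missing_special_bits(expected, actual):
    """Names of the special bits set in `expected` but not in `actual`."""
    return [name for bit, name in SPECIAL if expected & bit and not actual & bit]


def audit(ls_output, expected):
    """Map file name -> special bits the config requested but the file lacks."""
    findings = {}
    for line in ls_output.splitlines():
        fields = line.split()
        if len(fields) >= 9 and fields[-1] in expected:
            lost = missing_special_bits(expected[fields[-1]], parse_symbolic_mode(fields[0]))
            if lost:
                findings[fields[-1]] = lost
    return findings


if __name__ == "__main__":
    for name, lost in sorted(audit(LS_OUTPUT, EXPECTED).items()):
        print(f"{name}: missing {', '.join(lost)}")
```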
