When copying into a setgid dir, an extra option --times has the unwanted side effect of making the newly created directories not have the setgid bit set (and of creating files inside a newly created directory that do not belong to the setgid group as expected); this happens only if the rsync user is not a member of the setgid group. In a shell one can set file times with touch(1) without losing the setgid bit so rsync should be able to do so too (and if it does not document that). Small shell script demonstrating the bug: ```log $ mkdir ~/testdir && cd ~/testdir $ mkdir -p src/subdir dest $ touch src/file src/subdir/file $ chmod 2750 dest $ sudo chgrp games dest $ groups |grep games || echo "$USER is not a member of games" guest is not a member of games $ ls -lR src src: total 4 -rw-r----- 1 guest guest 0 Jan 20 14:09 file drwxr-x--- 2 guest guest 4096 Jan 20 14:09 subdir src/subdir: total 0 -rw-r----- 1 guest guest 0 Jan 20 14:09 file $ groups |grep games || echo "guest is not a member of games" guest is not a member of games ## Without --tiles, setgid bit and group set as expected $ rsync -r src/ dest $ ls -lR dest dest: total 4 -rw-r----- 1 guest games 0 Jan 20 14:16 file drwxr-s--- 2 guest games 4096 Jan 20 14:16 subdir dest/subdir: total 0 -rw-r----- 1 guest games 0 Jan 20 14:16 file $ rm -rf dest/* ## With --times, missing setgid bit and group inside subdir $ rsync -rt src/ dest $ ls -lR dest dest: total 4 -rw-r----- 1 guest games 0 Jan 20 14:09 file drwxr-x--- 2 guest games 4096 Jan 20 14:09 subdir dest/subdir: total 0 -rw-r----- 1 guest guest 0 Jan 20 14:09 file $ rm -rf dest/* ## With --times and --omit-dir-times, setgid bit and group set as expected $ rsync -rtO src/ dest $ ls -lR dest dest: total 4 -rw-r----- 1 guest games 0 Jan 20 14:09 file drwxr-s--- 2 guest games 4096 Jan 20 14:20 subdir dest/subdir: total 0 -rw-r----- 1 guest games 0 Jan 20 14:09 file $ rm -rf dest/* ``` The version is 3.1.2 from Debian stretch: ```log $ rsync --version rsync version 3.1.2 protocol version 31 Copyright (C) 1996-2015 by Andrew Tridgell, Wayne Davison, and others. Web site: http://rsync.samba.org/ Capabilities: 64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints, socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace, append, ACLs, xattrs, iconv, symtimes, prealloc rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public Licence for details. $ dpkg -l rsync Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-=============================-===================-===================-=============================================================== ii rsync 3.1.2-1+deb9u1 amd64 fast, versatile, remote (and local) file-copying tool ``` Regards, -- Géraud Meyer
Root cause here is that in some modes rsync will create a directory first, then later go back and fix up its modes. This is necessary if (for example) the final modes prevent writing by the owner, and convenient in some other cases, in particular when preserving directory times. However, Linux will not allow a user to set OR LEAVE SET the setgid bit if the user is not a member of the group associated with the object, EVEN THOUGH it can implicitly create such a thing. Thus: $ mkdir setgid-dir $ chmod g+s setgid-dir $ sudo chgrp games setgid-dir # need root permission here! $ touch setgid-dir/file $ mkdir setgid-dir/subdir $ ls -la setgid-dir/ total 12 drwxrwsr-x 3 guest games 4096 Apr 4 11:35 ./ drwxrwxr-x 6 guest guest 4096 Apr 4 11:34 ../ drwxrwsr-x 2 guest games 4096 Apr 4 11:35 subdir/ -rw-rw-r-- 1 guest games 0 Apr 4 11:35 file $ # Note that subdir has been created setgid with gid=games even $ # though user 'guest' could not set that combination explicitly $ chmod o+w setgid-dir/* $ ls -la setgid-dir/ total 12 drwxrwsr-x 3 guest games 4096 Apr 4 11:35 . drwxrwxr-x 6 guest guest 4096 Apr 4 11:34 .. drwxrwxrwx 2 guest games 4096 Apr 4 11:35 subdir/ -rw-rw-rw- 1 guest games 0 Apr 4 11:35 file $ # Note that subdir is no longer setgid! Arguably, this is a misfeature of the chmod(2) system call: If the calling process is not privileged, and the group of the file does not match the effective group ID of the process or one of its supplementary group IDs, the S_ISGID bit will be turned off, but this will not cause an error to be returned. which is obviously sensible for (executable) files, but not necessarily for directories, where setgid means something completely different. Anyway, in the --omit-dir-times case rsync creates the directory with the default modes (and the OS implicitly adds the setgid bit) and doesn't have to call chmod(2) later, whereas in the --times case the directory is created with modes 0700 (to which the OS adds the setgid bit) and then later rsync calls chmod("subdir", 02750) which results in the setgid bit being cleared! HTH, .Dave.