<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Issue 2720: permissions function incorrectly specified for symlinks</title>
<meta property="og:title" content="Issue 2720: permissions function incorrectly specified for symlinks">
<meta property="og:description" content="C++ library issue. Status: C++17">
<meta property="og:url" content="https://cplusplus.github.io/LWG/issue2720.html">
<meta property="og:type" content="website">
<meta property="og:image" content="http://cplusplus.github.io/LWG/images/cpp_logo.png">
<meta property="og:image:alt" content="C++ logo">
<style>
  p {text-align:justify}
  li {text-align:justify}
  pre code.backtick::before { content: "`" }
  pre code.backtick::after { content: "`" }
  blockquote.note
  {
    background-color:#E0E0E0;
    padding-left: 15px;
    padding-right: 15px;
    padding-top: 1px;
    padding-bottom: 1px;
  }
  ins {background-color:#A0FFA0}
  del {background-color:#FFA0A0}
  table.issues-index { border: 1px solid; border-collapse: collapse; }
  table.issues-index th { text-align: center; padding: 4px; border: 1px solid; }
  table.issues-index td { padding: 4px; border: 1px solid; }
  table.issues-index td:nth-child(1) { text-align: right; }
  table.issues-index td:nth-child(2) { text-align: left; }
  table.issues-index td:nth-child(3) { text-align: left; }
  table.issues-index td:nth-child(4) { text-align: left; }
  table.issues-index td:nth-child(5) { text-align: center; }
  table.issues-index td:nth-child(6) { text-align: center; }
  table.issues-index td:nth-child(7) { text-align: left; }
  table.issues-index td:nth-child(5) span.no-pr { color: red; }
  @media (prefers-color-scheme: dark) {
     html {
        color: #ddd;
        background-color: black;
     }
     ins {
        background-color: #225522
     }
     del {
        background-color: #662222
     }
     a {
        color: #6af
     }
     a:visited {
        color: #6af
     }
     blockquote.note
     {
        background-color: rgba(255, 255, 255, .10)
     }
  }
</style>
</head>
<body>
<hr>
<p><em>This page is a snapshot from the LWG issues list, see the <a href="lwg-active.html">Library Active Issues List</a> for more information and the meaning of <a href="lwg-active.html#C++17">C++17</a> status.</em></p>
<h3 id="2720"><a href="lwg-defects.html#2720">2720</a>. <code>permissions</code> function incorrectly specified for symlinks</h3>
<p><b>Section:</b> 31.12.13.27 <a href="https://wg21.link/fs.op.permissions">[fs.op.permissions]</a> <b>Status:</b> <a href="lwg-active.html#C++17">C++17</a>
 <b>Submitter:</b> Eric Fiselier <b>Opened:</b> 2016-05-28 <b>Last modified:</b> 2017-07-30</p>
<p><b>Priority: </b>2
</p>
<p><b>View all other</b> <a href="lwg-index.html#fs.op.permissions">issues</a> in [fs.op.permissions].</p>
<p><b>View all issues with</b> <a href="lwg-status.html#C++17">C++17</a> status.</p>
<p><b>Discussion:</b></p>
<p>
Currently when adding or removing permissions the <code>permissions(p, prms, [...])</code> function always 
determines the current permissions for a file <code>p</code> using <code>status(p).permissions()</code>. This 
means that it resolves symlinks even when <code>perms::resolve_symlinks</code> was not specified.
<p/>
I believe this is the incorrect behavior. Instead <code>symlink_status(p).permissions()</code> should be used 
unless <code>perms::resolve_symlinks</code> is specified.
</p>

<p><strong>Previous resolution [SUPERSEDED]:</strong></p>
<blockquote class="note">
<p>This wording is relative to N4582.</p>
<ol>
<li><p>In 31.12.13.27 <a href="https://wg21.link/fs.op.permissions">[fs.op.permissions]</a> change Table 150 &mdash; "Effects of permission bits" as indicated:</p>

<blockquote>
<table border="1">
<caption>Table 150 &mdash; Effects of permission bits</caption>

<tr>
<th>Bits present in <code>prms</code></th>
<th>Effective bits applied</th>
</tr>

<tr>
<td>Neither <code>add_perms</code> nor <code>remove_perms</code></td>
<td><code>prms &amp; perms::mask</code></td>
</tr>

<tr>
<td><code>add_perms</code> <ins>and <code>resolve_symlinks</code></ins></td>
<td><code>status(p).permissions() | (prms &amp; perms::mask)</code></td>
</tr>

<tr>
<td><code>remove_perms</code> <ins>and <code>resolve_symlinks</code></ins></td>
<td><code>status(p).permissions() &amp; (prms &amp; perms::mask)</code></td>
</tr>

<tr>
<td><ins><code>add_perms</code> and not <code>resolve_symlinks</code></ins></td>
<td><ins><code>symlink_status(p).permissions() | (prms &amp; perms::mask)</code></ins></td>
</tr>

<tr>
<td><ins><code>remove_perms</code> and not <code>resolve_symlinks</code></ins></td>
<td><ins><code>symlink_status(p).permissions() &amp; ~(prms &amp; perms::mask)</code></ins></td>
</tr>

</table> 

</blockquote>
</li>
</ol>

</blockquote>

<p><i>[2016-06, Oulu &mdash; Jonathan comments and provides alternative wording]</i></p>

<p>
We agree there is an issue here, but I don't like the proposed
resolution. If Eric's P/R is accepted then it changes the default
behaviour (when users do not set the <code>perms::resolve_symlinks</code> bit) to
modify the permissions of the symlink itself.
<p/>
I claim that modifying the permissions of a symlink (rather than what
it points to) is not a sensible default. It is not supported by the
POSIX <code>chmod</code> system call. To change permissions of a symlink with POSIX
you must use the newer <code>fchmodat</code> function and the <code>AT_SYMLINK_NOFOLLOW</code>
flag, see <a href="http://pubs.opengroup.org/onlinepubs/9699919799/functions/chmod.html">here</a>.
<p/>
Changing permissions of a symlink is not possible using the GNU <code>chmod</code> util, see
<a href="http://www.gnu.org/software/coreutils/manual/html_node/chmod-invocation.html">here</a>:
</p>
<blockquote><p>
"<code>chmod</code> never changes the permissions of symbolic links, since the
<code>chmod</code> system call cannot change their permissions. This is not a
problem since the permissions of symbolic links are never used."
</p></blockquote>
<p>
BSD <code>chmod</code> does provide a switch to change a symlink's permissions, but
it's not the default.
<p/>
I suggest that we should replace the
<code>filesystem::perms::resolve_symlinks</code> enumerator with
<code>filesystem::perms::symlink_nofollow</code> (paint the bikeshed!), so that the
default is sensible, and the uncommon, useless alternative of changing
the symlink itself requires setting a bit in the flags explicitly.
<p/>
<code>resolve_symlinks</code> is unused in the spec today, the only mention is its
definition in Table 147.
</p>

<p><i>[2016-06, Oulu]</i></p>

<p>
There exists a slightly related issue, <a href="lwg-defects.html#2728" title="status(p).permissions() and symlink_status(p).permissions() are not specified (Status: C++17)">2728</a><sup><a href="https://cplusplus.github.io/LWG/issue2728" title="Latest snapshot">(i)</a></sup>.
</p>
<p><i>[2016-06 Oulu]</i></p>

<p>Tuesday: Move to Ready. JW and Eric to implement and report back if problems found.</p>
<p>Friday: status to Immediate</p>


<p id="res-2720"><b>Proposed resolution:</b></p>
<p>This wording is relative to N4594.</p>
<ol>
<li><p>Change Table 147 &mdash; "Enum class <code>perms</code>" as indicated:</p>

<blockquote>
<table border="1">
<caption>Table 147 &mdash; Enum class <code>perms</code></caption>

<tr>
<th>Name</th>
<th>Value<br/>(octal)</th>
<th><code>POSIX</code><br/>macro</th>
<th>Definition or notes</th>
</tr>

<tr>
<td><code><ins>symlink_nofollow</ins><del>resolve_symlinks</del></code></td>
<td><code>0x40000</code></td>
<td></td>
<td><code>permissions()</code> shall <ins>change the permissions of symbolic links</ins><del>resolve symlinks</del></td>
</tr>

</table> 

</blockquote>
</li>

<li><p>Edit 31.12.13.27 <a href="https://wg21.link/fs.op.permissions">[fs.op.permissions]</a>:</p>

<blockquote>
<pre>
void permissions(const path&amp; p, perms prms);
void permissions(const path&amp; p, perms prms, error_code&amp; ec) noexcept;
</pre>
<blockquote>
<p>
-1- <i>Requires:</i> <code>!((prms &amp; perms::add_perms) != perms::none &amp;&amp; (prms &amp; perms::remove_perms) !=
perms::none)</code>.
<p/>
-2- <i>Effects:</i> Applies the effective permissions bits from <code>prms</code> to the file <code>p</code> resolves to, 
<ins>or if that file is a symbolic link and <code>symlink_nofollow</code> is not set in <code>prms</code>, the file that it 
points to,</ins> as if by POSIX
<code>fchmodat()</code>. The effective permission bits are determined as specified in Table 150<ins>, where <code>s</code> is 
the result of <code>(prms &amp; perms::symlink_nofollow) != perms::none ? symlink_status(p) : status(p)</code></ins>.
</p>
</blockquote>
</blockquote>
</li>

<li><p>Change Table 150 &mdash; "Effects of permission bits" as indicated:</p>

<blockquote class="note">
<p>
[<i>Drafting note:</i> Very recently the project editor had already fixed a typo in Table 150 
<a href="https://github.com/cplusplus/draft/commit/256d202e61f4317f30ae839125e714e8192690d4">editorially</a>,
the applied change effectively was:
</p>
<blockquote><pre>
status(p).permissions() &amp; <ins>~</ins>(prms &amp; perms::mask)
</pre></blockquote>
<p>
]
</p>
</blockquote>

<blockquote>
<table border="1">
<caption>Table 150 &mdash; Effects of permission bits</caption>

<tr>
<th>Bits present in <code>prms</code></th>
<th>Effective bits applied</th>
</tr>

<tr>
<td>Neither <code>add_perms</code> nor <code>remove_perms</code></td>
<td><code>prms &amp; perms::mask</code></td>
</tr>

<tr>
<td><code>add_perms</code></td>
<td><code>s<del>tatus(p)</del>.permissions() | (prms &amp; perms::mask)</code></td>
</tr>

<tr>
<td><code>remove_perms</code></td>
<td><code>s<del>tatus(p)</del>.permissions() &amp; (prms &amp; perms::mask)</code></td>
</tr>

</table> 

</blockquote>
</li>
</ol>





</body>
</html>
