chown(8): mention that this utility clears setuid/setgid bits by default;

from stuart henderson (pr #4149);

chown(2)/chown(8): mention that sysctl variable fs.posix.setuid=0
overrides this behaviour;
from millert and otto;

ok deraadt@ otto@ millert@

1 files changed, 7 insertions, 1 deletions

diff --git a/lib/libc/sys/chown.2 b/lib/libc/sys/chown.2
index 9c82a88c63e..f6696f4f1c5 100644
--- a/lib/libc/sys/chown.2
+++ b/lib/libc/sys/chown.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: chown.2,v 1.12 2003/06/02 20:18:39 millert Exp $
+.\"	$OpenBSD: chown.2,v 1.13 2005/03/16 20:31:08 jmc Exp $
 .\"	$NetBSD: chown.2,v 1.10 1995/10/12 15:40:47 jtc Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993, 1994
@@ -62,10 +62,16 @@ to a group of which he or she is a member, but the change
 .Fa owner
 capability is restricted to the superuser.
 .Pp
+By default,
 .Fn chown
 clears the set-user-ID and set-group-ID bits on the file
 to prevent accidental or mischievous creation of
 set-user-ID and set-group-ID programs.
+This behaviour can be overridden by setting the
+.Xr sysctl 8
+variable
+.Va fs.posix.suid
+to zero.
 .Pp
 .Fn lchown
 operates similarly to how