In <http://bugs.debian.org/393283>, Helge Hafting objected to the fact that GNU chown performs a DB look-up for a numeric "user name", e.g., in "chown 0 FILE". chown does this deliberately, in case "0" is an actual user *name*, that is associated potentially, with some numeric user ID. That is the historical behavior, and it is required for POSIX conformance.
Yes, that does sound silly, if not downright wrong. Who actually uses numeric user or group names these days? Of the systems that still allow such names, how many actually require or even use that capability? I propose to change GNU chown to perform that look-up of an all-numeric "user" or "group" string only when the POSIXLY_CORRECT envvar is set. Otherwise, (when POSIXLY_CORRECT is not set and a "name" is a valid user ID or group ID), chown would use the value obtained from converting the string with a function like strtoul. For consistency, the same policy would apply to chgrp. My motivation for making this change is mainly security. The paranoid user of chown (usually root) should not have to imagine that a numeric user name argument like "1000" might be interpreted as a name and mapped to "0". Can anyone present a case for *not* making this change? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
