install: add FreeBSD's -U (unprivileged) option

docs/src/extensions.md

@@ -204,3 +204,7 @@ With `-U`/`--no-utf8`, you can interpret input files as 8-bit ASCII rather than
 ## `expand`
 
 `expand` also offers the `-U`/`--no-utf8` option to interpret input files as 8-bit ASCII instead of UTF-8.
+
+## `install`
+
+`install` offers FreeBSD's `-U` unprivileged option to not change the owner, the group, or the file flags of the destination.

src/uu/install/locales/en-US.ftl

@@ -19,6 +19,7 @@ install-help-verbose = explain what is being done
 install-help-preserve-context = preserve security context
 install-help-context = set security context of files and directories
 install-help-default-context = set SELinux security context of destination file and each created directory to default type
+install-help-unprivileged = do not require elevated privileges to change the owner, the group, or the file flags of the destination
 
 # Error messages
 install-error-dir-needs-arg = { $util_name } with -d requires at least one argument.

src/uu/install/locales/fr-FR.ftl

@@ -19,6 +19,7 @@ install-help-verbose = expliquer ce qui est fait
 install-help-preserve-context = préserver le contexte de sécurité
 install-help-context = définir le contexte de sécurité des fichiers et répertoires
 install-help-default-context = définir le contexte de sécurité SELinux du fichier de destination et de chaque répertoire créé au type par défaut
+install-help-unprivileged = ne pas nécessiter de privilèges élevés pour changer le propriétaire, le groupe ou les attributs du fichier de destination
 
 # Messages d'erreur
 install-error-dir-needs-arg = { $util_name } avec -d nécessite au moins un argument.

src/uu/install/src/install.rs

@@ -62,6 +62,7 @@ pub struct Behavior {
     preserve_context: bool,
     context: Option<String>,
     default_context: bool,
+    unprivileged: bool,
 }
 
 #[derive(Error, Debug)]
@@ -163,6 +164,7 @@ static OPT_VERBOSE: &str = "verbose";
 static OPT_PRESERVE_CONTEXT: &str = "preserve-context";
 static OPT_CONTEXT: &str = "context";
 static OPT_DEFAULT_CONTEXT: &str = "default-context";
+static OPT_UNPRIVILEGED: &str = "unprivileged";
 
 static ARG_FILES: &str = "files";
 
@@ -317,6 +319,13 @@ pub fn uu_app() -> Command {
                 .value_hint(clap::ValueHint::AnyPath)
                 .value_parser(clap::value_parser!(OsString)),
         )
+        .arg(
+            Arg::new(OPT_UNPRIVILEGED)
+                .short('U')
+                .long(OPT_UNPRIVILEGED)
+                .help(translate!("install-help-unprivileged"))
+                .action(ArgAction::SetTrue),
+        )
 }
 
 /// Determine behavior, given command line arguments.
@@ -416,6 +425,7 @@ fn behavior(matches: &ArgMatches) -> UResult<Behavior> {
 
     let context = matches.get_one::<String>(OPT_CONTEXT).cloned();
     let default_context = matches.get_flag(OPT_DEFAULT_CONTEXT);
+    let unprivileged = matches.get_flag(OPT_UNPRIVILEGED);
 
     Ok(Behavior {
         main_function,
@@ -439,6 +449,7 @@ fn behavior(matches: &ArgMatches) -> UResult<Behavior> {
         preserve_context: matches.get_flag(OPT_PRESERVE_CONTEXT),
         context,
         default_context,
+        unprivileged,
     })
 }
 
@@ -498,7 +509,9 @@ fn directory(paths: &[OsString], b: &Behavior) -> UResult<()> {
                 continue;
             }
 
-            show_if_err!(chown_optional_user_group(path, b));
+            if !b.unprivileged {
+                show_if_err!(chown_optional_user_group(path, b));
+            }
 
             // Set SELinux context for directory if needed
             #[cfg(feature = "selinux")]
@@ -922,7 +935,9 @@ fn set_ownership_and_permissions(to: &Path, b: &Behavior) -> UResult<()> {
         return Err(InstallError::ChmodFailed(to.to_path_buf()).into());
     }
 
-    chown_optional_user_group(to, b)?;
+    if !b.unprivileged {
+        chown_optional_user_group(to, b)?;
+    }
 
     Ok(())
 }
@@ -1125,17 +1140,17 @@ fn need_copy(from: &Path, to: &Path, b: &Behavior) -> bool {
 
     // Check if the owner ID is specified and differs from the destination file's owner.
     if let Some(owner_id) = b.owner_id {
-        if owner_id != to_meta.uid() {
+        if !b.unprivileged && owner_id != to_meta.uid() {
             return true;
         }
     }
 
     // Check if the group ID is specified and differs from the destination file's group.
     if let Some(group_id) = b.group_id {
-        if group_id != to_meta.gid() {
+        if !b.unprivileged && group_id != to_meta.gid() {
             return true;
         }
-    } else if needs_copy_for_ownership(to, &to_meta) {
+    } else if !b.unprivileged && needs_copy_for_ownership(to, &to_meta) {
         return true;
     }
 

tests/by-util/test_install.rs

@@ -2489,3 +2489,48 @@ fn test_install_non_utf8_paths() {
 
     ucmd.arg("-D").arg(source_file).arg(&target_path).succeeds();
 }
+
+#[test]
+#[cfg(not(feature = "feat_selinux"))]
+fn test_install_unprivileged_combined() {
+    let ts = TestScenario::new(util_name!());
+    let at = &ts.fixtures;
+    at.touch("a");
+    let uid = geteuid();
+    let gid = getegid();
+
+    let run_and_check =
+        |args: &[&str], target: &str, expected_uid: u32, expected_gid: u32, expected_mode: u32| {
+            if let Ok(result) = run_ucmd_as_root(&ts, args) {
+                result.success();
+                assert!(at.file_exists(target) || at.dir_exists(target));
+
+                let metadata = fs::metadata(at.plus(target)).unwrap();
+                assert_eq!(metadata.uid(), expected_uid);
+                assert_eq!(metadata.gid(), expected_gid);
+                assert_eq!(metadata.mode() & 0o7777, expected_mode);
+            } else {
+                print!("Test skipped; requires root user");
+            }
+        };
+
+    // uid/gid should not change when run as unprivileged user
+    run_and_check(
+        &["-UCv", "-m644", "-o1", "-g1", "a", "b"],
+        "b",
+        uid,
+        gid,
+        0o644,
+    );
+    // mode changes should still apply
+    run_and_check(&["-Cv", "-m666", "a", "d"], "d", uid, gid, 0o666);
+
+    // Same on directories
+    run_and_check(
+        &["-UCv", "-m755", "-o1", "-g1", "-d", "dir1/dir2"],
+        "dir1/dir2",
+        uid,
+        gid,
+        0o755,
+    );
+}