mv loses ownership on cross-device moves

[sylvestre]

Component

mv

Description

When moving files across filesystem boundaries, mv falls back to copy-and-delete. The current implementation uses fs::copy() and create_dir_all() without restoring source ownership on the destination.

Files moved by root from one device to another become owned by root, even if they were originally owned by other users. GNU mv preserves ownership in this scenario by calling chown() after the copy step. The issue affects three code paths: rename_file_fallback, copy_file_with_hardlinks_helper, and copy_dir_contents_recursive.

Non-root users cannot preserve arbitrary ownership due to kernel restrictions, so the correctness gap is most visible when mv runs as root.

Test / Reproduction Steps

touch /tmp/testfile
sudo chown 1000:1000 /tmp/testfile
sudo mount -t tmpfs tmpfs /mnt/other
sudo mv /tmp/testfile /mnt/other/
ls -ln /mnt/other/testfile  # shows 0:0 (root), should be 1000:1000
sudo umount /mnt/other

Impact

Files moved by root across devices lose their original ownership, breaking admin scripts, backups, and migrations that depend on mv preserving metadata like an in-filesystem rename.

[oech3]

#9672