2005/05/24 restrict_chown, rstchown (restricting users from changing ownership)

Way back when, chown could be run by everyone. Berkeley Unix saw that as a bad idea and made it root only. Nowadays POSIX says it's up to you.

The default for Unix systems is that users can't change the ownership of files. That's probably the way it should be left, as the ability to do so opens up very bad security issues. Nevertheless, some systems allow this. It may be from a setting in /etc/system:

set rstchown=1


Or, it may be "sysctl" that controls this:



sysctl -a | grep chown
fs.xfs.restrict_chown = 1


For these, a setting of 0 would allow non-root users to use chown.

On other systems, this sort of thing is a "privilege": HP-UX setprivgrp lets you control this (and other things) at the group level. Of course, this can also be granted through sudo or similar privilege-escalation tools.
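As an added example that is not part of the original article, here is a small POSIX shell audit for the two settings shown above. It classifies "set rstchown=N" and "fs.xfs.restrict_chown = N" lines, scans a config file for the most permissive value, and (when run as an unprivileged user) probes whether giving a file away is actually refused; the "nobody" target user and the scratch paths are assumptions.

```sh
#!/bin/sh
# Added example (not from the original article): audit whether unprivileged
# users can give files away with chown on this host.

# Interpret one configuration line. Prints "restricted", "unrestricted"
# or "unknown". Understands /etc/system style ("set rstchown=1") and
# sysctl style ("fs.xfs.restrict_chown = 1"); 0 means chown is open to all.
classify_chown_setting() {
    case "$1" in
        *rstchown*|*restrict_chown*) ;;
        *) echo unknown; return 0 ;;
    esac
    value=$(printf '%s' "$1" | sed -n 's/.*=[[:space:]]*\([0-9]\{1,\}\).*/\1/p')
    case "$value" in
        0)  echo unrestricted ;;
        "") echo unknown ;;
        *)  echo restricted ;;
    esac
}

# Scan a settings file line by line; report the most permissive finding,
# since a later "0" is what an auditor needs to see.
audit_config_file() {
    result=unknown
    while IFS= read -r line; do
        case "$(classify_chown_setting "$line")" in
            unrestricted) result=unrestricted ;;
            restricted)   if [ "$result" = unknown ]; then result=restricted; fi ;;
        esac
    done < "$1"
    echo "$result"
}

# Live probe, independent of which knob the OS uses. Run as a normal user
# (root always succeeds). Returns 0 if the chown-away was refused, i.e. the
# restriction is in force; 1 if it succeeded; 2 if no scratch dir was made.
# A private scratch directory is used so the file can still be removed
# after it no longer belongs to us (sticky /tmp would forbid that).
probe_chown_giveaway() {
    target=${1:-nobody}                      # assumed target user
    scratch_dir=$(mktemp -d) || return 2
    scratch="$scratch_dir/probe"
    : > "$scratch"
    if chown "$target" "$scratch" 2>/dev/null; then
        rm -rf "$scratch_dir"
        return 1
    fi
    rm -rf "$scratch_dir"
    return 0
}
```

A return of 1 from probe_chown_giveaway as a non-root user means the quota-bypass and hidden-file problems described below apply on that host.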



Comments


Wed May 25 04:56:15 2005: Subject: bela
"Berkeley Unix saw that as a bad idea and made it root only."

That's correct but incomplete. Berkeley introduced per-user filesystem quotas to Unix. The quota system worked by keeping track of how many blocks were owned by each UID on a filesystem. It was necessary to restrict chown() so that users couldn't beat the quota system by giving away their large files to another user with more free quota (or e.g. root, with unlimited quota).

Without restricted chown(), you could make a directory with mode 700 and create world-read/write files in it owned by someone else. You would have full access (including the right to delete the files -- granted by ownership of the parent directory), no quota charge, and nobody else could access the files.

So chown() became a privilege to be won.

>Bela<
