# 2005/05/24 restrict_chown, rstchown (restricting users from changing ownership)
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Some material is very old and may be incorrect today

© May 2005 Tony Lawrence
May 2005

Way back when, chown could be run by everyone. Berkeley Unix saw that as a bad idea and made it root only. Nowadays POSIX says it's up to you.

The default for Unix systems is that users can't change the ownership of files. That's probably the way it should be left, as the ability to do so opens up very bad security issues. Nevertheless, some systems allow this. It may be from a setting in /etc/system:


set rstchown=1
 

Or, it may be "sysctl" that controls this:

sysctl -a | grep chown
fs.xfs.restrict_chown = 1
 

For these, a setting of 0 would allow non-root users to use chown.

On other systems, this sort of thing is a "privilege": HP-UX setprivgrp lets you control this (and other things) at the group level. Of course, this can be allowed through sudo or similar privilege escalation.
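To audit the two settings described above, a small shell check can read them and report whether non-root chown is allowed. This is an added example, not from the original article: the function names and sample inputs are constructed, and it assumes that /etc/system comment lines start with `*` or `#`, that the last assignment wins, and that rstchown is 1 when unset.

```shell
#!/bin/sh
# Added example: audit the chown-restriction settings named in the article.
# Function names and sample data are constructed for illustration.

# Print the effective rstchown value from an /etc/system-style file.
# Assumptions: '*' or '#' starts a comment line, the last assignment wins,
# and the value is 1 (restricted) when no assignment is present.
rstchown_value() {
    awk '
        /^[ \t]*[*#]/ { next }
        /^[ \t]*set[ \t]+rstchown[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t].*$/, ""); v = $0
        }
        END { print (v == "" ? 1 : v) }
    ' "$1"
}

# Read `sysctl -a` style text on stdin and print fs.xfs.restrict_chown;
# prints nothing when the key is absent.
xfs_restrict_chown_value() {
    awk -F'[ \t]*=[ \t]*' '$1 == "fs.xfs.restrict_chown" { print $2 }'
}

# Per the article, a setting of 0 lets non-root users run chown.
chown_verdict() {
    case "$1" in
        0) echo "GIVEAWAY-ALLOWED" ;;
        1) echo "restricted" ;;
        *) echo "unknown" ;;
    esac
}

# Demo on constructed input (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
* constructed /etc/system fragment
set rstchown=1
set rstchown = 0
EOF
echo "/etc/system sample: $(chown_verdict "$(rstchown_value "$sample")")"
v=$(printf 'fs.xfs.restrict_chown = 1\n' | xfs_restrict_chown_value)
echo "sysctl sample: $(chown_verdict "$v")"
rm -f "$sample"
```

On a real host, point `rstchown_value` at /etc/system and pipe `sysctl -a` into `xfs_restrict_chown_value`; a GIVEAWAY-ALLOWED verdict is the finding to flag.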



1 comment









Wed May 25 04:56:15 2005: 568   bela


"Berkeley Unix saw that as a bad idea and made it root only."

That's correct but incomplete. Berkeley introduced per-user filesystem quotas to Unix. The quota system worked by keeping track of how many blocks were owned by each UID on a filesystem. It was necessary to restrict chown() so that users couldn't beat the quota system by giving away their large files to another user with more free quota (or e.g. root, with unlimited quota).

Without restricted chown(), you could make a directory with mode 700 and create world-read/write files in it owned by someone else. You would have full access (including the right to delete the files -- granted by ownership of the parent directory), no quota charge, and nobody else could access the files.

So chown() became a privilege to be won.

>Bela<
