2005/05/24 restrict_chown, rstchown (restricting users from changing ownership)
Way back when, chown could be run by everyone. Berkeley Unix saw that as a bad idea and made it root only. Nowadays POSIX says it's up to you.
The default for Unix systems is that users can't change the ownership of files. That's probably the way it should be left, as the ability to do so opens up very bad security issues. Nevertheless, some systems allow this. It may be from a setting in /etc/system:
set rstchown=1
Or, it may be "sysctl" that controls this:
sysctl -a | grep chown fs.xfs.restrict_chown = 1
For these, a setting of 0 would allow non-root users to use chown.
On other systems, this sort of thing is a "privilege": HP-UX setprivgrp lets you control this (and other things) at the group level. Of course this can be allowed through sudo or similar privilege escalation
Got something to add? Send me email.
(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version
-> -> 2005/05/24 restrict_chown, rstchown (restricting users from changing ownership)
Increase ad revenue 50-250% with Ezoic
Inexpensive and informative Apple related e-books:
iOS 10: A Take Control Crash Course
Take Control of iCloud, Fifth Edition
Take Control of OS X Server
Take Control of Upgrading to Yosemite
Sierra: A Take Control Crash Course
More Articles by Tony Lawrence
Find me on Google+
© 2009-11-07 Tony Lawrence
Wed May 25 04:56:15 2005: 568 bela
"Berkeley Unix saw that as a bad idea and made it root only."
That's correct but incomplete. Berkeley introduced per-user filesystem quotas to Unix. The quota system worked by keeping track of how many blocks were owned by each UID on a filesystem. It was necessary to restrict chown() so that users couldn't beat the quota system by giving away their large files to another user with more free quota (or e.g. root, with unlimited quota).
Without restricted chown(), you could make a directory with mode 700 and create world-read/write files in it owned by someone else. You would have full access (including the right to delete the files -- granted by ownership of the parent directory), no quota charge, and nobody else could access the files.
So chown() became a privilege to be won.
>Bela<
------------------------
Printer Friendly Version
restrict_chown, rstchown (restricting users from changing ownership) Copyright © May 2005 Tony Lawrence
Have you tried Searching this site?
Support RatesThis is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.
Contact us
Printer Friendly Version