Chown and root

Rick Stevens rstevens at vitalstream.com
Tue Jul 6 22:25:04 UTC 2004


Bob McClure Jr wrote:
> On Tue, Jul 06, 2004 at 02:31:33PM -0700, Waldher, Travis R wrote:
> 
>>>-----Original Message-----
>>>From: Bob McClure Jr [mailto:robertmcclure at earthlink.net] 
>>>Sent: Tuesday, July 06, 2004 1:43 PM
>>>To: Getting started with Red Hat Linux
>>>Subject: Re: Chown and root
>>>
>>>
>>>On Tue, Jul 06, 2004 at 01:23:40PM -0700, Waldher, Travis R wrote:
>>>
>>>>I am trying to locate the file you modify to allow all users
>>>>to use the chown command. (without using SUDO or similar)
>>>>
>>>>Right now you have to be root.
>>>>
>>>>Thanks,
>>>>Travis
>>>
>>>I believe that is not possible.
>>>
>>>Tell us what your situation and bottom line are.  Perhaps 
>>>there is another way to do what you want.
>>>
>>
>>In a nutshell, our users are used to having chown available to them on
>>our HP/UX systems.
> 
> 
> Tell 'em, "Tough!"  ;-)
> 
> 
>>The Linux systems (Specifically Yellowdog in this case, which is based
>>off RedHat) don't allow this.
> 
> 
> Yes, I recall, in the not too distant past, being able to chown as a
> mere mortal, and being dismayed that I couldn't in Linux.  However, I
> have precious little need of it, so it's not bothered me.
> 
> 
>>Now, we may or may not want to turn this on, a subject of more
>>debate.
> 
> 
> I'm sure someone with more experience (Rick Stevens, call your
> office.) 

(RING!  RING!)
>          will have good information on why this is A Bad Idea(tm).  I
> think I heard a good story at one time, but I don't recall it just
> now.  Looking at the header file noted in your following para, I'd
> guess that removing chown from mere mortals was a POSIXification, and
> someone involved with POSIX had a good reason for it.

Mortal ability to change ownership of files was removed in POSIX for
security and accounting reasons.  For example, one could prevent a user
from accessing their own files (initial "chown" implementations didn't
check to see if the person "chown"ing the file owned it in the first
place), or you could create some huge great file:

	dd if=/dev/zero of=somefile bs=1M count=4096

then a "chown my-nemesis somefile" would force your nemesis over their
quota, thereby blocking their ability to create any files and blocking
mail delivery to their account.  That's just two examples.  There are
legions of others...none of them pretty.

Users could also accidentally change the ownership of a file and no
longer be able to access it.  This would, of course, cause an irate
phone call to the sysop where the caller would berate the sysop for not
keeping them from shooting themselves in the foot.

Linux chown does permit mortals to change the group of a file as long as
they are also a member of the group (essentially a "chgrp").

>>But, lets say we do, how do we do this?
>>
>>I've found an entry CAP_CHOWN in /usr/include/linux/capability.h that
>>looks like I could use to enable this. I'd still want someone wiser and
>>more knowledgeable than myself to confirm it though.
> 
> 
> Looks workable to me.  That means you'd have to build a new kernel,
> something I've not done since modular kernels came out.  Do be sure to
> keep your old (working) kernel in case something turns sour.

It really isn't part of the kernel.  That's part of the chown program.

The only way to do it is to fetch the chown source, tweak it by adding:

	#ifdef _POSIX_CHOWN_RESTRICTED
	#undef _POSIX_CHOWN_RESTRICTED
	#endif

after all the "#include"s and rebuilding it.  You could also set up a
shell script that does a sudo or is owned by root and has SETUID set.

Trust me, users DON'T need a full-up chown and giving them one simply
reinforces bad system administration policies and opens the door to a
lot of sysop headaches.  POSIX was right in restricting it.  Don't give
it to them.

Of course, that's just my opinion...I could be wrong.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-  Any sufficiently advanced technology is indistinguishable from a  -
-                              rigged demo.                          -
----------------------------------------------------------------------
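Editor's added example (not part of Rick's post or of any project it mentions): the two rules discussed above, "mortals may not give a file away" and "mortals may chgrp a file only to a group they belong to", are decided by the kernel's chown permission check (fs/attr.c), and the privilege that bypasses them is CAP_CHOWN. The program below restates those two rules as plain C predicates, asks the kernel via capget(2) whether the process holds CAP_CHOWN, then creates a scratch file in /tmp and tries to give it to another uid to see whether the kernel's verdict matches the predicate. File name, uid choices and the output text are this example's own assumptions. Run it once as an ordinary user (expect EPERM) and once as root (expect success) to see both sides.

```c
/* chown_probe.c -- added example, not code from the original post.
 * Build: cc -Wall -o chown_probe chown_probe.c   (Linux only: uses capget) */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Rule for changing the owner (uid), as the kernel applies it: the caller
 * must already own the file and leave the owner unchanged, or hold
 * CAP_CHOWN.  There is no third case, which is why an unprivileged
 * "chown my-nemesis somefile" always fails with EPERM. */
int uid_change_permitted(uid_t caller, uid_t owner, uid_t new_owner, int cap_chown)
{
    if (cap_chown)
        return 1;
    return caller == owner && new_owner == owner;
}

/* Rule for changing the group (gid), i.e. what "chgrp" does: the caller
 * must own the file and either be a member of the new group or keep the
 * old one, or hold CAP_CHOWN. */
int gid_change_permitted(uid_t caller, uid_t owner, gid_t old_group,
                         gid_t new_group, int in_new_group, int cap_chown)
{
    if (cap_chown)
        return 1;
    return caller == owner && (in_new_group || new_group == old_group);
}

/* Ask the kernel whether CAP_CHOWN is in our effective set (capget(2)).
 * Called through syscall() so no libcap dependency is needed. */
int have_cap_chown(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return 0;
    return (data[0].effective >> CAP_CHOWN) & 1;   /* CAP_CHOWN is bit 0 */
}

/* Attempt chown(2); return 0 on success, otherwise the errno it produced. */
int try_chown(const char *path, uid_t uid, gid_t gid)
{
    return chown(path, uid, gid) == 0 ? 0 : errno;
}

/* Create a scratch file (assumed location: /tmp), try to give it to a uid
 * that is not ours, and compare the kernel's verdict with the rule above.
 * Returns 1 if they agree, 0 otherwise. */
int probe_giveaway(void)
{
    char path[] = "/tmp/chown_probe_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return 0;
    close(fd);

    uid_t me = geteuid();                 /* the file is owned by our fsuid */
    uid_t target = (me == 0) ? 1 : 0;     /* any uid that is not ours */
    int cap = have_cap_chown();
    int predicted_ok = uid_change_permitted(me, me, target, cap);
    int rc = try_chown(path, target, (gid_t)-1);   /* -1 = leave gid alone */

    printf("uid %u giving file to uid %u (CAP_CHOWN=%d): %s\n",
           (unsigned)me, (unsigned)target, cap, rc ? strerror(rc) : "ok");
    unlink(path);

    return predicted_ok ? (rc == 0) : (rc == EPERM);
}

int main(void)
{
    printf("CAP_CHOWN in effective set: %d\n", have_cap_chown());
    printf("kernel verdict matches the rule: %d\n", probe_giveaway());
    return 0;
}
```

Because the decision is taken inside chown(2), a rebuilt chown binary (or any other userspace program) cannot grant the ability; only running with CAP_CHOWN does, which is the same privilege a root-owned setuid wrapper or sudo would confer, with all the quota and lockout consequences described in the post.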

More information about the Redhat-install-list mailing list