changing ownership

Fred Magee fred.magee at atk.com
Mon Dec 20 15:51:46 UTC 2004


Ed,

If I change ownership to user "y" but the file still exists in my home
directory, won't it still be charged to my quota not the other user's?
Other flavors of Unix allow a user to change ownership of files that he
owns to any other user and also enforce quotas based on where in the
directory tree the file resides rather than on UID.  As long as I own a
file I should be able to change the owner to someone else unless the
quota system is based on UID and not on the directory involved.  Does
Red Hat base disk quotas on UID?

As to /etc/shadow, no non-privileged user should ever be owner of shadow
and thus cannot change the ownership of it.  The premise was
non-privileged user owned the file in question.

You are definitely correct about being careful with any script to do
this since a mistake that allows the script to run as root can be
devastating.  Since most systems create all files in /tmp with group and
world read permissions simply copying the file to /tmp and then back
should suffice.  You can even go to the extent of creating a transfer
directory in /tmp or another file system with carefully crafted
permissions if this is an ongoing need.  Then there is always "group"
permissions if this is ongoing since a consistent need for this implies
there is a grouping of needs there.

Fred Magee
ATK Mission Research
(505)768-7783
fred.magee at atk.com
 

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Blackburn, Marvin
Sent: Monday, December 20, 2004 8:13 AM
To: General Red Hat Linux discussion list
Subject: RE: changing ownership

Ed,
Thanks for your reply.
I agree that the design is flawed; however, its something that
is difficult to change.

The workaround is something similar to what I was thinking, but yours
is simpler.

Thanks for the response. 

> -----Original Message-----
> From: redhat-list-bounces at redhat.com 
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Ed Wilts
> Sent: Monday, December 20, 2004 9:54 AM
> To: General Red Hat Linux discussion list
> Subject: Re: changing ownership
> 
> On Mon, Dec 20, 2004 at 09:21:37AM -0500, Blackburn, Marvin wrote:
> > I have the need to have a non-privileged user change the 
> ownership of a
> > file or files that he owns, to another non-privileged user.
> > 
> > Redhat does not permit this. 
> 
> Nor should it.  Think about the cases where you have disk quotas in
> effect.  If you allow user x to change ownership of a large 
> file to user
> y, you could potentially block user y from creating any more files on
> the volume and that user may not even be able to find or 
> change the file
> that x changed.
> 
> Think also about the case of a non-privileged user changing the
> ownership of /etc/shadow to himself and then making that file world
> readable or writable.  Your system is now totally compromised.
> 
> > We thought about using sudo, however this could be dangerous.
> > Is there a secure way to do this.
> 
> You'll have to ensure that the script you write is secure.  You must
> have sudo invoke a script of your creation and not allow any 
> user to run
> chown as root (or you could really, really set your system up for
> serious grief).  
> 
> In general, I do not believe you need to change ownership of 
> one file to
> another.  Your application design is busted. 
> 
> A simple workaround is for x to move the file that needs the ownership
> changed to a temporary directory and grant y access to the 
> file.  Then,
> y can take ownership of that file and move it to the place it 
> should be.
> 
> -- 
> Ed Wilts, RHCE
> Mounds View, MN, USA
> mailto:ewilts at ewilts.org
> Member #1, Red Hat Community Ambassador Program
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 

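The copy-based hand-off that Ed and Fred describe (x parks the file in a transfer directory, y takes ownership by copying it, so neither user needs chown or sudo), written out as an added example that is not code from the list or from Red Hat. It assumes a staging directory STAGING (default /tmp/handoff) that both users can reach, a transfer group TRANSFER_GROUP that both users belong to (defaulting here to the caller's own primary group so it runs stand-alone), and that the sender removes the original once the copy exists so the file stops counting against the sender's quota. The is_plain_file_owned_by check is the kind of validation Ed warns any such script needs, and would matter even more in a sudo-invoked variant that runs as root.

```shell
#!/bin/sh
# Hand a file from unprivileged user x to unprivileged user y without chown.
# Added example; STAGING and TRANSFER_GROUP are assumed names, not from the list.
set -eu

STAGING="${STAGING:-/tmp/handoff}"
TRANSFER_GROUP="${TRANSFER_GROUP:-$(id -gn)}"   # assumed: both users are members

# Refuse anything that is not a plain regular file owned by "$2": symlinks,
# directories, devices, or files someone else planted in the staging area.
is_plain_file_owned_by() {
    path=$1; user=$2
    [ ! -L "$path" ] && [ -f "$path" ] &&
        [ -n "$(find "$path" -prune -user "$user" -print)" ]
}

# One-time setup: sticky bit (1xxx) lets group members add files but only
# the file's owner remove or rename them; no world access at all.
setup_staging() {
    mkdir -p "$STAGING"
    chgrp "$TRANSFER_GROUP" "$STAGING"
    chmod 1770 "$STAGING"
}

# Sender side (user x): park a group-readable copy in staging. The original
# is deleted only after the copy succeeded, so a failure never loses data,
# and deleting it is what moves the usage off x's quota.
stage_file() {
    src=$1
    is_plain_file_owned_by "$src" "$(id -un)" || { echo "refusing $src" >&2; return 1; }
    staged=$STAGING/$(id -un).$$.$(basename "$src")
    cp -- "$src" "$staged"
    chmod 0640 "$staged"                 # owner rw, transfer group r, nobody else
    chgrp "$TRANSFER_GROUP" "$staged"
    rm -f -- "$src"
    printf '%s\n' "$staged"
}

# Receiver side (user y): copying rather than moving is what makes y the
# owner, because the new inode is created by y's own process. The receiver
# insists the staged file really belongs to the expected sender.
claim_file() {
    staged=$1; dest=$2; sender=$3
    is_plain_file_owned_by "$staged" "$sender" || { echo "refusing $staged" >&2; return 1; }
    cp -- "$staged" "$dest"
    chmod 0600 "$dest"                   # private to y from the start
    is_plain_file_owned_by "$dest" "$(id -un)"
}
```

The sender can later delete the staged copy (the sticky bit means nobody else can). Note that cp follows symlinks, so the check-then-copy pair is only a best-effort guard; a variant that runs as root through sudo should open the file first and verify the open descriptor (fstat) rather than trusting a path that the caller can still change between the check and the copy.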