changing ownership

IT Dept ismanager at ccbnpts.com
Mon Dec 20 15:41:45 UTC 2004 

You could also make a "share" group and directory for those users that
will need to share files. Then simply change the group access level and
ownership on the file and have it in that group's directory and add the
users to that group. Then all in the group would have access to it and
there would be no need to switch owners back and forth. Future files
could then be added and modified as needed without much additional
effort.

Paul Pettit
CCB Inc.

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Blackburn, Marvin
Sent: Monday, December 20, 2004 9:13 AM
To: General Red Hat Linux discussion list
Subject: RE: changing ownership


Ed,
Thanks for your reply.
I agree that the design is flawed; however, its something that
is difficult to change.

The work around is something similar to what I was thinking, but your's
is simpler.

Thanks for the response. 

> -----Original Message-----
> From: redhat-list-bounces at redhat.com 
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Ed Wilts
> Sent: Monday, December 20, 2004 9:54 AM
> To: General Red Hat Linux discussion list
> Subject: Re: changing ownership
> 
> On Mon, Dec 20, 2004 at 09:21:37AM -0500, Blackburn, Marvin wrote:
> > I have the need to have a non-priveleged user change the 
> ownership of a
> > file or files that he owns, to another non-privelged user.
> > 
> > Redhat does not permit this. 
> 
> Nor should it.  Think about the cases where you have disk quotas in
> effect.  If you allow user x to change ownership of a large 
> file to user
> y, you could potentially block user y from creating any more files on
> the volume and that user may not even be able to find or 
> change the file
> that x changed.
> 
> Think also about the case of a non-privileged user changing the
> ownership of /etc/shadow to himself and then making that file world
> readable or writable.  Your system is now totally compromised.
> 
> > We thought about using sudo, however this could be dangerous.
> > Is there a secure way to do this.
> 
> You'll have to ensure that the script you write is secure.  You must
> have sudo invoke a script of your creation and not allow any 
> user to run
> chown as root (or you could really, really set your system up for
> serious grief).  
> 
> In general, I do not believe you need to change ownership of 
> one file to
> another.  Your application design is busted. 
> 
> A simple workaround is for x to move the file that needs the ownership
> changed to a temporary directory and grant y access to the 
> file.  Then,
> y can take ownership of that file and move it to the place it 
> should be.
> 
> -- 
> Ed Wilts, RHCE
> Mounds View, MN, USA
> mailto:ewilts at ewilts.org
> Member #1, Red Hat Community Ambassador Program
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list