can't change ownership on files

Rick Stevens rstevens at vitalstream.com
Mon Apr 25 17:30:21 UTC 2005


Waldher, Travis R wrote:
> 
>>-----Original Message-----
>>From: Rick Stevens [mailto:rstevens at vitalstream.com]
>>Sent: Monday, April 25, 2005 9:54 AM
>>To: Getting started with Red Hat Linux
>>Subject: Re: can't change ownership on files
>>
>>Waldher, Travis R wrote:
>>
>>>>-----Original Message-----
>>>>From: Rick Stevens [mailto:rstevens at vitalstream.com]
>>>>Sent: Friday, April 22, 2005 4:36 PM
>>>>To: Getting started with Red Hat Linux
>>>>Subject: Re: can't change ownership on files
>>>>
>>>>
>>>>>Ew...
>>>>>
>>>>>Beyond that there is no hack/tweak I can make?
>>>>>
>>>>>Sudo would basically open up chown/chgrp for any file on local disk, and
>>>>>any filesystem that is mounted with root level access.  Correct?
>>>>
>>>>Yup.  You still haven't said why they need to chown a file.  There is
>>>>virtually never a good reason to allow that.
>>>>
>>>>If people need to share a file, make them all part of the same group and
>>>>grant rwx group to each file or, alternately, allow the users to join
>>>>other groups by putting their usernames in /etc/group or allowing the
>>>>"newgrp" command.
>>>
>>>
>>>Well, let's just say that's the way it's always been.  I'm picking other
>>>battles at the moment and am not ready to attack something like this.
> 
>>That doesn't make it right and it's dangerous to boot.  "that's the way
>>we've always done it" is a totally invalid argument when it comes to
>>security.
>>
> 
> 
> Choir man, you're preaching to the Choir.
> 
> I inherited a gigantic mess when I got in this particular position 3
> years ago.  First on the Windows side, I cleaned that up in about 1
> year.  The UNIX side is MUCH more difficult to get users to change.  And
> unfortunately, I just can't go and change it.
> 
> I'm just attacking the larger problems than chown, before I get to a
> chown problem.  Fortunately, the users decided they could figure out how
> to live without the ability to chown on the Linux systems.  Too bad
> hp/(s)ux still allows it.

And Solaris does, too.  However, you MUST force them to use something
like CVS.  It will save their butts when they have to back out changes
or merge the work of several people.  Trust me on this.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-           grep me no patterns and I'll tell you no lines           -
----------------------------------------------------------------------
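
The group-sharing approach recommended earlier in this thread, as an added example that is not part of the original message: one function sets up a shared work directory, another audits it for files that break the scheme. The function names share_dir and audit_shared are hypothetical, and the setgid bit on the directory goes beyond what the message spells out.

```shell
#!/bin/sh
# Added example: share files through a common group instead of
# giving users chown via sudo. Function names are hypothetical.

# share_dir DIR GROUP
# Make DIR a work area shared by members of GROUP. The caller must own
# DIR and be a member of GROUP (or be root).
share_dir() {
    dir=$1
    group=$2
    mkdir -p "$dir" || return 1
    chgrp "$group" "$dir" || return 1
    # 2770: the setgid bit makes new files inherit the directory's group;
    # owner and group get rwx, everyone else gets nothing.
    chmod 2770 "$dir" || return 1
}

# audit_shared DIR GROUP
# Print every path under DIR that is in the wrong group or lacks group
# read/write. Returns 0 only when nothing is out of line.
audit_shared() {
    dir=$1
    group=$2
    bad=$(find "$dir" \( ! -group "$group" -o ! -perm -060 \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Users working in such a directory need a umask of 007 or 002 so the files they create stay group-writable.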




More information about the Redhat-install-list mailing list