changing ownership
Ed Wilts
ewilts at ewilts.org
Mon Dec 20 14:53:46 UTC 2004
On Mon, Dec 20, 2004 at 09:21:37AM -0500, Blackburn, Marvin wrote:
> I have the need to have a non-privileged user change the ownership of a
> file or files that he owns, to another non-privileged user.
>
> Redhat does not permit this.

Nor should it. Think about the cases where you have disk quotas in
effect. If you allow user x to change ownership of a large file to user
y, you could potentially block user y from creating any more files on
the volume and that user may not even be able to find or change the file
that x changed.

Think also about the case of a non-privileged user changing the
ownership of /etc/shadow to himself and then making that file world
readable or writable. Your system is now totally compromised.

> We thought about using sudo, however this could be dangerous.
> Is there a secure way to do this?

You'll have to ensure that the script you write is secure. You must
have sudo invoke a script of your creation and not allow any user to run
chown as root (or you could really, really set your system up for
serious grief).

In general, I do not believe you need to change ownership of one file to
another. Your application design is busted.

A simple workaround is for x to move the file that needs the ownership
changed to a temporary directory and grant y access to the file. Then,
y can take ownership of that file and move it to the place it should be.

--
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts at ewilts.org
Member #1, Red Hat Community Ambassador Program
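
The sudo-invoked script described in the reply above could look like the following. This is an added example, not part of the original post and not the poster's own code. The script name give-file, its install path, the sudoers entry in the comment and the MIN_UID threshold are assumptions, and the script does nothing about the quota concern raised above.

```python
#!/usr/bin/env python3
# Hypothetical helper, run only via sudo, e.g. with an assumed sudoers entry:
#   %users ALL=(root) NOPASSWD: /usr/local/sbin/give-file
import os, pwd, stat, sys

MIN_UID = 1000  # assumption: ordinary accounts start here (UID_MIN in login.defs)

class Refused(Exception):
    pass

def give_file(path, caller_uid, target_uid, min_uid=MIN_UID, chown=os.fchown):
    """Hand one regular file owned by caller_uid to target_uid, or raise Refused."""
    if caller_uid < min_uid or target_uid < min_uid:
        raise Refused("both users must be non-privileged accounts")
    try:
        # O_NOFOLLOW rejects a symlink as the final path component;
        # O_NONBLOCK keeps a FIFO from hanging the open.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as e:
        raise Refused(f"cannot open {path}: {e.strerror}")
    try:
        st = os.fstat(fd)  # check the opened object, not the name (no TOCTOU)
        if not stat.S_ISREG(st.st_mode):
            raise Refused("not a regular file")
        if st.st_uid != caller_uid:  # blocks /etc/shadow and anyone else's file
            raise Refused("caller does not own this file")
        if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
            raise Refused("setuid/setgid files are not transferable")
        chown(fd, target_uid, -1)  # owner only, applied to the verified descriptor
    finally:
        os.close(fd)

def main(argv):
    # sudo sets SUDO_UID to the invoking user's uid; refuse to run without it.
    if len(argv) != 3 or "SUDO_UID" not in os.environ:
        sys.exit("usage: sudo give-file <target-user> <file>")
    try:
        target_uid = pwd.getpwnam(argv[1]).pw_uid
        give_file(argv[2], int(os.environ["SUDO_UID"]), target_uid)
    except KeyError:
        sys.exit(f"refused: no such user {argv[1]}")
    except Refused as e:
        sys.exit(f"refused: {e}")

if __name__ == "__main__":
    main(sys.argv)
```

Symlinks in intermediate directories of the path are still followed, so a deployment would also restrict which directories the helper accepts.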