[ale] Allow non-root user to chown file to other user?

Jeff Lightner jlightner at water.com
Fri Nov 16 08:49:51 EST 2007


I haven't seen any technical explanation as to "why" in any of the
posts.  I have seen OPINIONS like yours.  Is this discussed in an RFC
somewhere?

ssh is an even more dangerous tool in the wrong hands...

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
James P. Kinney III
Sent: Friday, November 16, 2007 8:11 AM
To: Atlanta Linux Enthusiasts
Subject: RE: [ale] Allow non-root user to chown file to other user?

On Thu, 2007-11-15 at 14:44 -0500, Jeff Lightner wrote:

> Again I am asking if there is a way to allow non-root users to simply
> use the "real" chown command directly.  It just doesn't seem to me
that
> this shouldn't be something that is configurable somehow especially
> given that it is configurable on at least two UNIX variants I'm
familiar
> with.     
> 
The short answer is no. The prior posts discuss why. chown is a
dangerous tool in the wrong hands. 

Furthermore, a user can't chown a file to themselves. Again, it violates
the security of the system. 

All ways I've seen to workaround this are cludges that involve sudo
and/or setuid root scripts.

email is a great workaround!

-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC        
770-493-8244                    
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------



More information about the Ale mailing list