Re: SELinux - a call for end-of-life.

On 09/02/2010 01:46 PM, Tim wrote:
> Again, it's more or less what I said, earlier.  To *give* someone a
> file, your only options are to let them read the file, and then they
> copy it.  If you want them to *own* the file, instead of you.
> 

And that's how it's supposed to work. Only root (or rather processes
with CAP_CHOWN) can change the uid of an existing object in the file
system like this. Disabling this would break _POSIX_CHOWN_RESTRICTED
behaviour (which you can do if you like but don't expect other users of
a general-purpose distro to want it!).

In the dim and distant past you could use chown to give your files away;
it allowed users to subvert the quota system (and today would likely
create fun for xattrs too).

The current Linux behaviour for chown is a standards requirement:

http://www.opengroup.org/onlinepubs/7990989775/xsh/chown.html

If you don't like the behaviour you need to come up with a way to allow
what you want without affecting standards compliance or existing users
who are happy with that behaviour.

Solaris seems to have a knob to disable this compliance but I'm not
aware of such a thing on Linux. You should be able to get a similar
effect via capabilities on Linux (giving all processes CAP_CHOWN) but
it's not something I've ever tried and I don't recommend it.

Regards,
Bryn.
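
The restriction described in the message above can be observed directly. The following C program is an added example, not part of the original post; it assumes Linux with /proc mounted and a writable /tmp, and the helper names and scratch path are made up for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* 1 if CAP_CHOWN (capability number 0) is in the effective set, 0 if not,
 * -1 if /proc/self/status cannot be read. */
int has_cap_chown(void) {
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    unsigned long long eff;
    int found = -1;
    if (!f) return -1;
    while (found < 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &eff) == 1)
            found = (int)(eff & 1);
    fclose(f);
    return found;
}

/* Scratch file owned by the caller; unlinked at once so nothing is left behind. */
int scratch_fd(void) {
    char path[] = "/tmp/chown_demo_XXXXXX";   /* constructed path */
    int fd = mkstemp(path);
    if (fd >= 0) unlink(path);
    return fd;
}

/* Positive result: the chown restriction applies to this file. */
int chown_restricted(int fd) {
    return fpathconf(fd, _PC_CHOWN_RESTRICTED) > 0;
}

/* Change only the owner; returns 0 on success, otherwise errno. */
int try_chown(int fd, uid_t new_owner) {
    return fchown(fd, new_owner, (gid_t)-1) == 0 ? 0 : errno;
}

int main(void) {
    int fd = scratch_fd();
    if (fd < 0) { perror("mkstemp"); return 1; }
    uid_t me = geteuid(), other = (me == 0) ? 1 : 0;   /* any uid but ours */
    printf("CAP_CHOWN effective: %d\n", has_cap_chown());
    printf("chown restricted:    %d\n", chown_restricted(fd));
    printf("chown to own uid:    %s\n", strerror(try_chown(fd, me)));
    printf("give away to uid %u: %s\n", (unsigned)other, strerror(try_chown(fd, other)));
    close(fd);
    return 0;
}
```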