Re: changing ownership

On Mon, Dec 20, 2004 at 09:21:37AM -0500, Blackburn, Marvin wrote:
> I have the need to have a non-privileged user change the ownership of a
> file or files that he owns, to another non-privileged user.
> 
> Redhat does not permit this. 

Nor should it.  Think about the cases where you have disk quotas in
effect.  If you allow user x to change ownership of a large file to user
y, you could potentially block user y from creating any more files on
the volume and that user may not even be able to find or change the file
that x changed.

Think also about the case of a non-privileged user changing the
ownership of /etc/shadow to himself and then making that file world
readable or writable.  Your system is now totally compromised.

> We thought about using sudo, however this could be dangerous.
> Is there a secure way to do this?

You'll have to ensure that the script you write is secure.  You must
have sudo invoke a script of your creation and not allow any user to run
chown as root (or you could really, really set your system up for
serious grief).  

In general, I do not believe you need to change ownership of one file to
another.  Your application design is busted. 

A simple workaround is for x to move the file that needs the ownership
changed to a temporary directory and grant y access to the file.  Then,
y can take ownership of that file and move it to the place it should be.

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts@xxxxxxxxxx
Member #1, Red Hat Community Ambassador Program

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
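
One way to write the script that sudo invokes, as an added example that is not part of the original message. It checks ownership on the opened file descriptor rather than on the path, so the /etc/shadow and symlink cases above are refused. ALLOWED_RECIPIENTS, give_file and main are hypothetical names; Linux, Python 3 and a sudoers entry that permits only this script are assumed.

```python
#!/usr/bin/env python3
# Added example: sudo-invoked helper that gives away a file the caller owns.
import os
import pwd
import stat
import sys

# Assumed policy: accounts that have agreed to receive files (quota concern).
ALLOWED_RECIPIENTS = {"alice", "bob"}  # hypothetical account names

def give_file(path, caller_uid, new_uid):
    """Return None on success, or a refusal reason as a string."""
    try:
        # O_NOFOLLOW refuses a symlink as the final path component;
        # O_NONBLOCK keeps a FIFO from hanging the helper.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as e:
        return f"cannot open: {e.strerror}"
    try:
        # All checks use the descriptor, so the path cannot be swapped
        # between the check and the chown.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            return "not a regular file"
        if st.st_uid != caller_uid:
            return "caller does not own the file"
        os.fchown(fd, new_uid, -1)  # -1 leaves the group unchanged
        return None
    finally:
        os.close(fd)

def main(argv, environ):
    if len(argv) != 3:
        return "usage: give-file FILE RECIPIENT"
    path, recipient = argv[1], argv[2]
    if recipient not in ALLOWED_RECIPIENTS:
        return "recipient not permitted"
    sudo_uid = environ.get("SUDO_UID")  # set by sudo to the invoking user's uid
    if sudo_uid is None or not sudo_uid.isdigit():
        return "must be run through sudo"
    try:
        new_uid = pwd.getpwnam(recipient).pw_uid
    except KeyError:
        return "recipient account does not exist"
    return give_file(path, int(sudo_uid), new_uid)

if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))  # a string result is printed and exits 1
```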
