Ed,

Thanks for your reply. I agree that the design is flawed; however, it's something that is difficult to change. The workaround is something similar to what I was thinking, but yours is simpler.

Thanks for the response.

> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Ed Wilts
> Sent: Monday, December 20, 2004 9:54 AM
> To: General Red Hat Linux discussion list
> Subject: Re: changing ownership
>
> On Mon, Dec 20, 2004 at 09:21:37AM -0500, Blackburn, Marvin wrote:
> > I have the need to have a non-privileged user change the ownership of a
> > file or files that he owns, to another non-privileged user.
> >
> > Redhat does not permit this.
>
> Nor should it. Think about the cases where you have disk quotas in
> effect. If you allow user x to change ownership of a large file to user
> y, you could potentially block user y from creating any more files on
> the volume and that user may not even be able to find or change the file
> that x changed.
>
> Think also about the case of a non-privileged user changing the
> ownership of /etc/shadow to himself and then making that file world
> readable or writable. Your system is now totally compromised.
>
> > We thought about using sudo, however this could be dangerous.
> > Is there a secure way to do this?
>
> You'll have to ensure that the script you write is secure. You must
> have sudo invoke a script of your creation and not allow any user to run
> chown as root (or you could really, really set your system up for
> serious grief).
>
> In general, I do not believe you need to change ownership of one file to
> another. Your application design is busted.
>
> A simple workaround is for x to move the file that needs the ownership
> changed to a temporary directory and grant y access to the file. Then,
> y can take ownership of that file and move it to the place it should be.
>
> --
> Ed Wilts, RHCE
> Mounds View, MN, USA
> mailto:ewilts@xxxxxxxxxx
> Member #1, Red Hat Community Ambassador Program
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
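
The receiving side of the workaround discussed in this thread, as an added example that is not part of the original messages: user y takes ownership by copying the dropped file, so no chown and no root are involved. The function name `take_ownership`, its parameters and the `.incoming.` temp prefix are hypothetical, and it assumes "take ownership" means "make a copy owned by y"; the sender check and the size limit address the confused-deputy and quota concerns raised above.

```shell
#!/bin/sh
# Added example, not from the thread. Receiver-side step of the drop-directory
# workaround: y "takes ownership" by copying, so the copy is created as y.
# take_ownership and its parameters are hypothetical names.
#
# Usage (run as y): take_ownership SRC DEST_DIR SENDER MAX_BYTES
#   SENDER    user name or numeric uid that must own SRC
#   MAX_BYTES largest file y is willing to charge to y's own quota
# Prints the new path on success; returns non-zero and copies nothing otherwise.
take_ownership() (
    src=$1 dest_dir=$2 sender=$3 max_bytes=$4

    # Refuse symlinks and non-regular files, so the sender cannot point y at
    # some other file that y can read.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "refused: $src is not a regular file" >&2; return 1
    fi
    # Accept only a file owned by the expected sender (find does not follow
    # symlinks by default).
    if [ -z "$(find "$src" -prune -type f -user "$sender" -print 2>/dev/null)" ]; then
        echo "refused: $src is not owned by $sender" >&2; return 1
    fi
    # The quota concern from the thread: y sets the limit, not the sender.
    size=$(($(wc -c < "$src")))
    if [ "$size" -gt "$max_bytes" ]; then
        echo "refused: $src is $size bytes, limit $max_bytes" >&2; return 1
    fi
    final=$dest_dir/$(basename -- "$src")
    if [ -e "$final" ] || [ -L "$final" ]; then
        echo "refused: $final already exists" >&2; return 1
    fi
    # The sender still controls the drop directory and could swap the file
    # after the checks, so the copy is created private to y (mode 0600) and
    # only renamed into place once it is complete.
    umask 077
    tmp=$(mktemp "$dest_dir/.incoming.XXXXXX") || return 1
    if ! cat -- "$src" > "$tmp"; then
        rm -f -- "$tmp"; return 1
    fi
    mv -- "$tmp" "$final" || { rm -f -- "$tmp"; return 1; }
    printf '%s\n' "$final"
)
```

The original in the drop directory is left in place for x to delete once y confirms receipt.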