You could also make a "share" group and directory for those users that will need to share files. Then simply change the group access level and ownership on the file and have it in that group's directory and add the users to that group. Then all in the group would have access to it and there would be no need to switch owners back and forth. Future files could then be added and modified as needed without much additional effort. Paul Pettit CCB Inc. -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Blackburn, Marvin Sent: Monday, December 20, 2004 9:13 AM To: General Red Hat Linux discussion list Subject: RE: changing ownership Ed, Thanks for your reply. I agree that the design is flawed; however, its something that is difficult to change. The work around is something similar to what I was thinking, but your's is simpler. Thanks for the response. > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Ed Wilts > Sent: Monday, December 20, 2004 9:54 AM > To: General Red Hat Linux discussion list > Subject: Re: changing ownership > > On Mon, Dec 20, 2004 at 09:21:37AM -0500, Blackburn, Marvin wrote: > > I have the need to have a non-priveleged user change the > ownership of a > > file or files that he owns, to another non-privelged user. > > > > Redhat does not permit this. > > Nor should it. Think about the cases where you have disk quotas in > effect. If you allow user x to change ownership of a large > file to user > y, you could potentially block user y from creating any more files on > the volume and that user may not even be able to find or > change the file > that x changed. > > Think also about the case of a non-privileged user changing the > ownership of /etc/shadow to himself and then making that file world > readable or writable. Your system is now totally compromised. > > > We thought about using sudo, however this could be dangerous. > > Is there a secure way to do this. > > You'll have to ensure that the script you write is secure. You must > have sudo invoke a script of your creation and not allow any > user to run > chown as root (or you could really, really set your system up for > serious grief). > > In general, I do not believe you need to change ownership of > one file to > another. Your application design is busted. > > A simple workaround is for x to move the file that needs the ownership > changed to a temporary directory and grant y access to the > file. Then, > y can take ownership of that file and move it to the place it > should be. > > -- > Ed Wilts, RHCE > Mounds View, MN, USA > mailto:ewilts@xxxxxxxxxx > Member #1, Red Hat Community Ambassador Program > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
