Ed,

If I change ownership to user "y" but the file still exists in my home directory, won't it still be charged to my quota, not the other user's? Other flavors of Unix allow a user to change ownership of files that he owns to any other user and also enforce quotas based on where in the directory tree the file resides rather than on UID. As long as I own a file I should be able to change the owner to someone else unless the quota system is based on UID and not on the directory involved. Does Red Hat base disk quotas on UID?

As to /etc/shadow, no non-privileged user should ever be owner of shadow and thus cannot change the ownership of it. The premise was that a non-privileged user owned the file in question.

You are definitely correct about being careful with any script to do this, since a mistake that allows the script to run as root can be devastating.

Since most systems create all files in /tmp with group and world read permissions, simply copying the file to /tmp and then back should suffice. You can even go to the extent of creating a transfer directory in /tmp or another file system with carefully crafted permissions if this is an ongoing need. Then there are always "group" permissions if this is ongoing, since a consistent need for this implies there is a grouping of needs there.

Fred Magee
ATK Mission Research
(505)768-7783
fred.magee@xxxxxxx

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Blackburn, Marvin
Sent: Monday, December 20, 2004 8:13 AM
To: General Red Hat Linux discussion list
Subject: RE: changing ownership

Ed,

Thanks for your reply. I agree that the design is flawed; however, it's something that is difficult to change. The workaround is something similar to what I was thinking, but yours is simpler. Thanks for the response.
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Ed Wilts
> Sent: Monday, December 20, 2004 9:54 AM
> To: General Red Hat Linux discussion list
> Subject: Re: changing ownership
>
> On Mon, Dec 20, 2004 at 09:21:37AM -0500, Blackburn, Marvin wrote:
> > I have the need to have a non-privileged user change the ownership of a
> > file or files that he owns, to another non-privileged user.
> >
> > Redhat does not permit this.
>
> Nor should it. Think about the cases where you have disk quotas in
> effect. If you allow user x to change ownership of a large file to user
> y, you could potentially block user y from creating any more files on
> the volume and that user may not even be able to find or change the file
> that x changed.
>
> Think also about the case of a non-privileged user changing the
> ownership of /etc/shadow to himself and then making that file world
> readable or writable. Your system is now totally compromised.
>
> > We thought about using sudo, however this could be dangerous.
> > Is there a secure way to do this?
>
> You'll have to ensure that the script you write is secure. You must
> have sudo invoke a script of your creation and not allow any user to run
> chown as root (or you could really, really set your system up for
> serious grief).
>
> In general, I do not believe you need to change ownership of one file to
> another. Your application design is busted.
>
> A simple workaround is for x to move the file that needs the ownership
> changed to a temporary directory and grant y access to the file. Then,
> y can take ownership of that file and move it to the place it should be.
>
> --
> Ed Wilts, RHCE
> Mounds View, MN, USA
> mailto:ewilts@xxxxxxxxxx
> Member #1, Red Hat Community Ambassador Program
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
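Editor's worked example (added here; it is not code from anyone in the thread). On Linux only root, or a process holding CAP_CHOWN, may give a file to another user, and the quota system accounts usage per UID and per GID on each filesystem rather than per directory, so the hand-off Marvin wants has to go through a privileged wrapper. Ed's advice is that sudo must invoke a script of your own making rather than chown itself; the script below is one way to write the validation such a wrapper needs, so that a user can only hand over a regular file they own, sitting in a dedicated transfer directory, to a non-root user on an allow-list. The transfer directory, the allow-list and the user names are placeholders for the example. Note that parking the file world-readable in /tmp, as suggested above, exposes its contents to every local user for the duration; a transfer directory restricted to a shared group avoids that.

```shell
#!/bin/sh
# Added example, not from the thread: validation for a sudo-invoked
# hand-off script, so that nobody is ever granted "sudo chown" directly.
# Assumed policy (placeholder values, not a real site's configuration):
#   - the file must sit inside one dedicated transfer directory
#   - it must be a regular file reached without following a symlink
#   - it must currently be owned by the user who invoked sudo
#   - the new owner must be a non-root account on an explicit allow-list
# Requires GNU coreutils (realpath -e, stat -c).

# handoff_validate FILE REQUESTER TARGET TRANSFER_DIR "ALLOWED USERS"
# Returns 0 when the request is acceptable, 1 otherwise.
handoff_validate() {
    file=$1 requester=$2 target=$3 dir=$4 allowed=$5

    # Canonicalise the transfer directory; it must exist.
    realdir=$(realpath -e -- "$dir" 2>/dev/null) || return 1

    # Refuse symlinks outright: a link created inside the transfer
    # directory could point at /etc/shadow or at another user's file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        return 1
    fi

    # Canonicalise the file and require it to be below the transfer
    # directory, which defeats "transfer/../../etc/shadow" style paths.
    realfile=$(realpath -e -- "$file" 2>/dev/null) || return 1
    case "$realfile" in
        "$realdir"/*) ;;
        *) return 1 ;;
    esac

    # The current owner must be the user making the request.
    owner=$(stat -c %U -- "$realfile" 2>/dev/null) || return 1
    [ "$owner" = "$requester" ] || return 1

    # Never hand files to root, and only to users the allow-list names.
    # Existence of the target account is left to chown, which fails on
    # an unknown name.
    [ "$target" != "root" ] || return 1
    for u in $allowed; do
        [ "$u" = "$target" ] && return 0
    done
    return 1
}

# handoff_chown FILE TARGET TRANSFER_DIR "ALLOWED USERS"
# Entry point meant to run under sudo; SUDO_USER identifies the requester.
handoff_chown() {
    requester=${SUDO_USER:?must be run via sudo}
    if handoff_validate "$1" "$requester" "$2" "$3" "$4"; then
        chown -- "$2" "$1"
    else
        echo "handoff refused: $1 -> $2" >&2
        return 1
    fi
}
```

The sudoers entry would then permit only this script, with a fixed transfer directory and allow-list baked into the invocation, and never /bin/chown. Because validation canonicalises both paths before comparing them, a file reached through `..` or through a symlink planted in the transfer directory is refused before chown is ever called.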