[ale] Allow non-root user to chown file to other user?

Thomas Stromberg lists at stromberg.org
Thu Nov 15 12:56:57 EST 2007


BSD began restricting chown in this manner after it introduced
filesystem quotas. Otherwise, users could store large files and chown
them to someone else to avoid hitting quota. The other UNIX's followed
suit after introducing per-user quotas.

The reason I always thought this was a bad idea is that it eliminates
a layer of accountability. If one of your users tries to hack into
your machine, and leaves his exploit tools in /tmp, he could easily
chown it to another user to make it harder to see. Once the owner is
changed, there is no way to tell who the original owner of the file
is.

If you really wanted to implement this, you could do so with the
following script. While I know you are not a fan of the sudo approach,
combined with this script, it would be invisible to your users, and
add a syslog entry each time this extended-functionality is used. This
way you can audit any ownership changes you might have.

-- 8< ---------------------
#!/bin/sh
# This assumes you have configured the "admin" group in sudoers for
# password-less chown.
#
# It's recommended you place this somewhere in path such as /usr/local/bin
# rathern than overwriting /usr/sbin/chown, but both will work.

CHOWN_GROUP="admin"
REAL_CHOWN="/usr/sbin/chown"
chown_cmd=$REAL_CHOWN

for group in `groups`
do
  if [ $group = $CHOWN_GROUP ]; then
    chown_cmd="sudo $REAL_CHOWN"
  fi
done

$chown_cmd $*
-- 8< ---------------------

YMMV.


On 11/15/07, Jeff Lightner <jlightner at water.com> wrote:
>
>
>
>
> That's the basic question.  If a non-root user owns a file and wants to give
> ownership to another user it says "operation not permitted".
>
>
>
> I've been looking at a lot of stuff, capabilities, chattr, mount options,
> etc? and see many people ask this question but no real resolution.
>
>
>
> There are no ACLs in use.
>
> There are no attributes set on the files shown by lsattr.
>
> Yes it works as root.
>
> The filesystem is ext3 using "defaults" for options.
>
> This is an issue on Fedora 4 and RHEL 5 (and every Linux from RH 7.3 based
> on my Google research).
>
> Solaris has a way to set this globally.   HP-UX has a slightly different way
> to allow or deny chown authority.   I'm looking for something similar in
> Linux.
>
>
>
> Please do NOT tell me it is a bad idea to allow users to do this
>
> I'm asking if it is possible and how to do it - NOT whether it is a good
> idea.  (If you know how and want to add a caution about specific issue
> you've seen doing it after telling me how that's fine.)
>
>
>
> Please do NOT tell me to give the user access to sudo chown.blah blah blah
>
> Obviously this can be done (and would have to be carefully done to prevent
> exploits).   I'm asking whether I can simply give a user the ability to do
> it directly using the chown command alone.
>
> Please do NOT tell me to use Ubuntu or some other distro.
>
> I'm asking how to do it on the distros I'm currently using.  (Also my
> Googling seems to suggest this may not be restricted to Fedora/RedHat/CentOS
> anyway.)
>
> Please DO tell me if it is not possible if you have a technical explanation
> as to why (that is please don't just say "Redhat doesn't allow it").
>
>
>
>
>
> .
>  ----------------------------------
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential
> information and is for the sole use of the intended recipient(s). If you are
> not the intended recipient, any disclosure, copying, distribution, or use of
> the contents of this information is prohibited and may be unlawful. If you
> have received this electronic transmission in error, please reply
> immediately to the sender that you have received the message in error, and
> delete it. Thank you.
> ----------------------------------
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>



More information about the Ale mailing list