[ale] Allow non-root user to chown file to other user?

Jeff Lightner jlightner at water.com
Thu Nov 15 15:19:55 EST 2007


Not exactly - my original question was:

'If a non-root user OWNS a file and wants to give ownership to another
user it says "operation not permitted".'

Adding setuid to the chown command would let him change any file whether
he owned it or not.   As noted in my last amplification - I'm looking
for a config option that enables this functionality - not a way to
completely compromise my system.  

While I'm sure there are those who philosophically believe giving a user
"chown" to files he owns is a security hole its not something I
personally believe.   The only real argument I've seen against it is
making it a way to avoid quotas but I'm not using those.  The other
argument I've seen it that he could chmod a file with setuid bit on then
chown it to root but my past experience has been that chown itself
removes setuid bit.

The intent of my post was to avoid philosophical discussions and
pointers down paths that I've already followed or only want to use as a
last resort in hope that someone actually knew the technical answer.  I
guess that was a vain hope.

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
Michael Still
Sent: Thursday, November 15, 2007 3:01 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] Allow non-root user to chown file to other user?

Well you asked for it:
[root at host /]# chmod u+s /bin/chown


On Nov 15, 2007 2:44 PM, Jeff Lightner <jlightner at water.com> wrote:
> OK the responses so far did what I was asking not to do - that is they
> are either telling me how to engineer a solution around it or they are
> saying it is a bad idea.
>
> Also one post mentioned "capabilities" which I had broached in my
> original post.  My read of that is it is something set for programs or
> at kernel level not something that is enabled for users.   If the
chown
> capability is not on in the kernel then even root couldn't do chown.
> It doesn't seem to really relate to my question - I had gone down that
> path before posting.
>
> Again I am asking if there is a way to allow non-root users to simply
> use the "real" chown command directly.  It just doesn't seem to me
that
> this shouldn't be something that is configurable somehow especially
> given that it is configurable on at least two UNIX variants I'm
familiar
> with.
>
>
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> Thomas Stromberg
> Sent: Thursday, November 15, 2007 2:18 PM
> To: Atlanta Linux Enthusiasts
> Subject: Re: [ale] Allow non-root user to chown file to other user?
>
> Thanks for mentioning this. sudoers allows you to specify exactly what
> chown's would be allowed in this case. I've used this in the past
> where I wanted to allow chown to work on a single file with a single
> destination user.
>
> On 11/15/07, Brian Pitts <brian at polibyte.com> wrote:
> > Thomas Stromberg wrote:
> > > If you really wanted to implement this, you could do so with the
> > > following script. While I know you are not a fan of the sudo
> approach,
> > > combined with this script, it would be invisible to your users,
and
> > > add a syslog entry each time this extended-functionality is used.
> This
> > > way you can audit any ownership changes you might have.
> > >
> > > -- 8< ---------------------
> > > #!/bin/sh
> > > # This assumes you have configured the "admin" group in sudoers
for
> > > # password-less chown.
> > > #
> > > # It's recommended you place this somewhere in path such as
> /usr/local/bin
> > > # rathern than overwriting /usr/sbin/chown, but both will work.
> > >
> > > CHOWN_GROUP="admin"
> > > REAL_CHOWN="/usr/sbin/chown"
> > > chown_cmd=$REAL_CHOWN
> > >
> > > for group in `groups`
> > > do
> > >   if [ $group = $CHOWN_GROUP ]; then
> > >     chown_cmd="sudo $REAL_CHOWN"
> > >   fi
> > > done
> > >
> > > $chown_cmd $*
> > > -- 8< ---------------------
> > >
> >
> > Until they chown syslog and remove those entries. There's a thread
> about
> > this issue here.
> >
> > http://lists.debian.org/debian-security/2001/07/msg00160.html
> >
> > THe best advice I see is "VERY CAREFULLY construct a wrapper that
> > validates input (i.e. requires absolute paths under a given
directory
> > (i.e. /home) w/o symlinks, matches argument against a list of valid
> > files, etc.) and then executes the chown itself, and give the user
> sudo
> > permission to run the wrapper."
> >
> > -Brian
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> ----------------------------------
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or
confidential information and is for the sole use of the intended
recipient(s). If you are not the intended recipient, any disclosure,
copying, distribution, or use of the contents of this information is
prohibited and may be unlawful. If you have received this electronic
transmission in error, please reply immediately to the sender that you
have received the message in error, and delete it. Thank you.
> ----------------------------------
> _______________________________________________
>
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>



-- 
[stillwaxin at gmail.com ~]$ cat .signature
cat: .signature: No such file or directory
[stillwaxin at gmail.com ~]$
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale



More information about the Ale mailing list