[ale] Allow non-root user to chown file to other user?

Michael H. Warfield mhw at WittsEnd.com
Fri Nov 16 10:32:57 EST 2007


On Fri, 2007-11-16 at 08:49 -0500, Jeff Lightner wrote:
> I haven't seen any technical explanation as to "why" in any of the
> posts.

	Strange...  I thought I saw several comments on the technical reasons
of why it is dangerous (quotas being one distinctive one).  That should
be sufficient.  The "technical" answer would be that people who
recognize it as being dangerous have prohibited it.  It used to be that
you could also, on many Unix systems, have SUID scripts.  It was decided
to prohibit those as well, because of the danger.  People complaining
and asking "how do I create an SUID script" are in the same boat as you
are.  It's prohibited by design due to the inherent risks and there are
better, safer, ways to accomplish your goals.  That's the technical long
and short of it.

> I have seen OPINIONS like yours.  Is this discussed in an RFC
> somewhere?

	This isn't a protocol and it's not under the perusal of the IETF, so
why would it be discussed in an RFC?

	But...  As long as you have brought up the topic of an RFC, the IETF
now requires security assessments and statements of security impacts in
RFCs which it publishes.  For that reason alone, the security issues
mentioned by others as why it's a bad idea would be appropriate as
technical security issues in an RFC.  IOW...  You wouldn't be allowed it
under an RFC because it's insecure.

> ssh is an even more dangerous tool in the wrong hands...

	Point is, you don't need what you are asking.  There are other, better,
safer, ways to accomplish your goal.

	Mike

> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> James P. Kinney III
> Sent: Friday, November 16, 2007 8:11 AM
> To: Atlanta Linux Enthusiasts
> Subject: RE: [ale] Allow non-root user to chown file to other user?
> 
> On Thu, 2007-11-15 at 14:44 -0500, Jeff Lightner wrote:
> 
> > Again I am asking if there is a way to allow non-root users to simply
> > use the "real" chown command directly.  It just doesn't seem to me that
> > this shouldn't be something that is configurable somehow especially
> > given that it is configurable on at least two UNIX variants I'm familiar
> > with.
> > 
> The short answer is no. The prior posts discuss why. chown is a
> dangerous tool in the wrong hands. 
> 
> Furthermore, a user can't chown a file to themselves. Again, it violates
> the security of the system. 
> 
> All ways I've seen to work around this are kludges that involve sudo
> and/or setuid root scripts.
> 
> email is a great workaround!
> 
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
