[ale] Allow non-root user to chown file to other user?

Jeff Hubbs hbbs at comcast.net
Sat Nov 17 14:49:41 EST 2007


I've had to keep in mind that sometimes an OS doesn't do what you really 
want, and when that happens, it may just be time to switch OSses unless 
you can significantly re-frame the problem in such a way that your OS of 
choice can handle it.  If you have to switch, then you do, even if the 
solution isn't Open Source. 

In my past work with the Air Force, I saw situations (non-IT) come up in 
meetings where the apparent solution cost an arm and a leg.  There was a 
security officer I worked with who, in these situations, would just say 
"Cost of doing business!"  And, he was right.  As Linux people, we are 
very used to wielding extraordinary computing power for the cost of the 
hardware involved and the know-how.  It's reasonable to expect that 
/extraordinarily extraordinary/ power is gonna cost!

- Jeff

Jeff Lightner wrote:
> Thanks Mike - that's the most complete answer I've ever seen.
>
> It answers my original question quite adequately.
>
>
> -----Original Message-----
> From: Michael H. Warfield [mailto:mhw at WittsEnd.com] 
> Sent: Friday, November 16, 2007 7:12 PM
> To: Jeff Lightner
> Cc: mhw at WittsEnd.com; Atlanta Linux Enthusiasts
> Subject: RE: [ale] Allow non-root user to chown file to other user?
>
> Ok...
>
> 	Long answer.  Maybe this will answer your question or at least
> help you
> solve your problem.  Not all problems are solvable.  Not a problems are
> technical.
>
> On Fri, 2007-11-16 at 11:06 -0500, Jeff Lightner wrote: 
>   
>> An opinion no matter how much YOU agree with it is still an opinion
>>     
> and
>   
>> therefore isn't "technical".  That is my opinion.
>>     
>
> 	Yes, well, and as a security expert, I tend to have strongly
> held
> opinions on matters when they impinge upon the security arena.  I
> especially don't like people using excuses for exercising bad habits and
> creating bad implementations because they aren't (now, yet, think they
> ever will be) using something where they think security (is, was, ever
> will be) important.  That's why your comment about an RFC was sublimely
> amusing.  If that behavior of chown ever did come up at a "modern" IETF
> meeting, it never would get into an RFC in that form explicitly because
> of the security issues.  I've sat in on a few of those working groups
> where people have gotten down right nasty over security (ok, ok, it's
> the IETF, they don't need to get worked up over security to get down
> right nasty, I know). 
>
> 	I run into lots of people who insist that they absolutely can
> not solve
> this problem or that problem without their favorite security hole (I
> know of one group who insisted that they could only retrieve patient
> data interstate, over the Internet, by using telnet - till they were
> taught a lesson or two about HIPAA).  If it doesn't work that way, you
> just have to find another solution to your problem.  Sometimes, you just
> need to ask the right question and not try and predetermine the answer
> to merely give you what you want and not what you need.  Sometimes you
> need to be creative and think outside the box and sometimes you need to
> think seriously about your goal and not so much about how you think you
> need to get there.
>   



More information about the Ale mailing list