From owner-freebsd-security Thu Mar 18 22:14:21 1999
Delivered-To: freebsd-security@freebsd.org
Received: from woodstock.monkey.net (mercury-2-136.mdm.mkt.execpc.com [169.207.86.201])
    by hub.freebsd.org (Postfix) with ESMTP id 5F46214D8F
    for ; Thu, 18 Mar 1999 22:14:15 -0800 (PST)
    (envelope-from hamilton@pobox.com)
Received: from pobox.com (localhost [127.0.0.1])
    by woodstock.monkey.net (Postfix) with ESMTP id 09D4A79;
    Fri, 19 Mar 1999 00:13:44 -0600 (CST)
To: Zahemszky Gabor
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: disk quota overriding
In-reply-to: Your message of "Thu, 18 Mar 1999 16:56:05 +0100." <199903181556.QAA00446@CoDe.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 19 Mar 1999 00:13:44 -0600
From: Jon Hamilton
Message-Id: <19990319061345.09D4A79@woodstock.monkey.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <199903181556.QAA00446@CoDe.hu>, Zahemszky Gabor wrote:
} > On Wed, 17 Mar 1999, Jon Hamilton wrote:
} >
} > :Under HP-UX 9.x, the behavior you describe was the default, and it
} > :was changeable by altering a kernel config parameter and relinking the
} > :kernel. The same tunable is available under 10.x, but I'm less certain
} > :what the default behavior is there. Whether quotas are enabled or not
} > :does not affect the behavior, only the kernel tunable parameter.
} >
} > This is still the default in 10.20. At least, all of the machines around here
} > are that way. It has some uses on test and lab type machines, as it makes
} > some tasks not have to involve root. As default behavior for a production
} > machine, it is damn silly.
}
} Hrrr!
}
} RTFM!
}
} on any HP-UX system, you have to type ``man setprivgrp'', and read ahead
} about the privileges. E.g. there is one (I think the name is CHOWN ;-), which
} allows or denies a normal user (groups of users) to use the chown syscall
} (a'la SYSV vs. BSD). In all of my HP-sysadmin trainings, I say that at
} the time of quotas.

Right. The default is to allow anyone to chown. The fact that setprivgrp
can be used to change this does not invalidate the fact that there also
exists a kernel tunable parameter which also does so (with less flexibility,
which may be seen as either a good or a bad thing).

} Bye,
}
} ZGabor at CoDe dot HU
}
} PS: if I know well, there isn't any kernel parameter you have to change.

This is UNIX; there's more than one way to do it. Under HP-UX 9.x, the
kernel parameter is rstchown. You don't have to change it if you're using
setprivgrp, but you can set it *instead* of using setprivgrp.

--
Jon Hamilton
hamilton@pobox.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message