Date: Tue, 23 Mar 2004 11:57:11 +0000 (GMT)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
To: "Gerald S. Stoller" <gs_stoller@hotmail.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: The chown command
Message-ID: <Pine.GSO.4.58.0403231152300.2934@mail.ilrt.bris.ac.uk>
In-Reply-To: <Sea1-F33EOBHkJZbK4D000092da@hotmail.com>
References: <Sea1-F33EOBHkJZbK4D000092da@hotmail.com>

On Mon, 22 Mar 2004, Gerald S. Stoller wrote:

> This gives the system owner the flexibility to leave
> it this way, or to restrict this ability to root as it is now by
> setting chown's permissions to 500, it is already owned by root.

The "chown" command merely uses the "chown" system call. It is perfectly
possible for a user to write and compile their own version of the chown
command; so setting permissions on a particular executable does not, in
and of itself, prevent users from effectively duplicating the effect of
the command.

This is broadly true across all unixalikes.

> This is all that a single actual user (as most home systems are)
> system needs, but for a true multi-user system one may want to restrict
> the change to cases where the new owner and the current owner are members
> of one group (and the system administrator should be careful about adding
> users to the group wheel). If the system has some groups that contain
> all users, we may want to allow them to be excluded from consideration,
> though we shouldn't worry about this now.
> I would like to push for such a change and wish others would
> join me; if anyone knows of any possible problems from this change, or
> has any objections to it, please let me know.

This seems overly complicated. The reasons chown is generally limited
are security-motivated: for example, one can subvert a quota system by
"giving away" files.

Rather than present your solution first, perhaps you could indicate the
use cases that motivate your suggestion. There may be other ways to
achieve the goals you have.

--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
"...perl has been dead for more than 4 years." - Abigail in the Monastery
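
The point made in the reply above, that the ownership check sits in the chown system call and not in the chown executable, can be observed with a short C program. This is an added example, not part of the original message; the scratch file path and the use of `me + 1` as "some other uid" are assumptions made for the demonstration.

```c
/* Added example: ownership policy is enforced by chown(2) in the kernel,
 * so the mode bits on the chown binary do not decide who may change owners. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Ask the kernel to change the owner of path; the group is left unchanged.
 * Returns 0 on success, otherwise the errno value the kernel reported. */
int try_chown(const char *path, uid_t new_owner)
{
    if (chown(path, new_owner, (gid_t)-1) == 0)
        return 0;
    return errno;
}

/* Current owner of path, or (uid_t)-1 if stat() fails. */
uid_t owner_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? st.st_uid : (uid_t)-1;
}

int main(void)
{
    char path[] = "/tmp/chown_demo_XXXXXX";  /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    close(fd);

    uid_t me = geteuid();
    uid_t other = me + 1;                    /* assumed: any uid that is not ours */

    int rc = try_chown(path, other);
    printf("euid=%ld chown(%s, %ld): %s\n", (long)me, path, (long)other,
           rc ? strerror(rc) : "allowed");
    printf("owner afterwards: %ld\n", (long)owner_of(path));

    unlink(path);
    return 0;
}
```

Run as an unprivileged user, the call is refused by the kernel and the file keeps its owner, whatever mode the system's chown binary has; run as root, the same code succeeds.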