From owner-freebsd-security  Thu Mar 18  8:36: 9 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mail.euroweb.hu (mail.euroweb.hu [193.226.220.4])
	by hub.freebsd.org (Postfix) with ESMTP id 548691527B
	for <freebsd-security@freebsd.org>; Thu, 18 Mar 1999 08:35:59 -0800 (PST)
	(envelope-from hu006co@mail.euroweb.hu)
Received: (from hu006co@localhost)
	by mail.euroweb.hu (8.8.5/8.8.5) id RAA18405
	for freebsd-security@freebsd.org; Thu, 18 Mar 1999 17:35:38 +0100 (MET)
Received: (from zgabor@localhost)
	by CoDe.hu (8.8.8/8.8.8) id QAA00446
	for freebsd-security@freebsd.org; Thu, 18 Mar 1999 16:56:06 +0100 (CET)
	(envelope-from zgabor)
From: Zahemszky Gabor <zgabor@CoDe.hu>
Message-Id: <199903181556.QAA00446@CoDe.hu>
Subject: Re: disk quota overriding
In-Reply-To: <Pine.BSF.4.05.9903171655510.13967-100000@nathan.enteract.com> from David Scheidt at "Mar 17, 99 05:01:00 pm"
To: freebsd-security@freebsd.org
Date: Thu, 18 Mar 1999 16:56:05 +0100 (CET)
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Wed, 17 Mar 1999, Jon Hamilton wrote:
> 
> :Under HP-UX 9.x, the behavior you describe was the default, and it
> :was changable by altering a kernel config parameter and relinking the
> :kernel.  The same tunable is available under 10.x, but I'm less certain
> :what the default behavior is there.  Whether quotas are enabled or not
> :does not affect the behavior, only the kernel tunable parameter.
> 
> This is still the default in 10.20.  At least, all of the machines around here
> are that way.  It has some uses on test and lab type machines, as it makes 
> some tasks not have to involve root.  As default behavior for a production 
> machine, it is damn silly.  

Hrrr!

RTFM!

on any HP-UX system, you have to type ``man setprivgrp'', and read ahead
about the priviledges.  Eg. there is one (I think the name is CHOWN ;-), which
allow or deny a normal user (groups of user) to use the chown syscall
(a'la SYSV vs. BSD).  In all of my HP-sysadmin trainings, I say that at
the time of quotas.

Bye,

ZGabor at CoDe dot HU

PS: if I know well, there isn't any kernel parameter you have to change.
(Well, I'd like to ask you to write me the name of it, as I don't know about
it.)  By the way you are right, the setprivgrp command isn't documented in HP's
UNIX course docs (only in the HP-UX security), only in the manual.  I know,
I teach it.

PS2: go away from fbsd-sec with this off-topic thread about HP-UX.  There are
more Unices, which has chown with AT&T semantics.  Well, not so many with
quotas (and FFS), as HP.

-- 
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message