Old 12-09-2008, 08:40 PM
Christopher Zimmermann
 
Unrestrict chown?

Hi!

On my Debian box using the Linux kernel it's not possible to give away files:

madroach@machine:~% touch foo
madroach@machine:~% chown otheruser foo
chown: changing ownership of `foo': Operation not permitted

Only root can change file owners. Is it possible to configure this
behaviour and allow all users to chown their own files? I read this was
possible on Solaris and several other unices and wonder if it is
possible with Linux.


Christopher
 
Old 12-09-2008, 08:49 PM
Sven Joachim
 
Unrestrict chown?

On 2008-12-09 22:40 +0100, Christopher Zimmermann wrote:

> On my Debian box using the Linux kernel it's not possible to give away files:
>
> madroach@machine:~% touch foo
> madroach@machine:~% chown otheruser foo
> chown: changing ownership of `foo': Operation not permitted
>
> Only root can change file owners. Is it possible to configure this
> behaviour and allow all users to chown their own files?

No.

> I read this was possible on Solaris and several other unices and
> wonder if it is possible with Linux.

This is deliberately not possible.

Sven


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-09-2008, 08:53 PM
Arc Roca
 
Unrestrict chown?

That would be a terrible thing to happen, that anyone could appropriate your files to themselves.
The other user could copy your file if you set it through chmod properly, and therefore the problem would be solved.

--- On Tue, 12/9/08, Christopher Zimmermann <madroach@zakweb.de> wrote:
From: Christopher Zimmermann <madroach@zakweb.de>
Subject: Unrestrict chown?
To: debian-user@lists.debian.org
Date: Tuesday, December 9, 2008, 4:40 PM

Hi!

On my Debian box using the Linux kernel it's not possible to give away files:

madroach@machine:~% touch foo
madroach@machine:~% chown otheruser foo
chown: changing ownership of `foo': Operation not permitted

Only root can change file owners. Is it possible to configure this
behaviour and allow all users to chown their own files? I read this was
possible on Solaris and several other unices and wonder if it is
possible with Linux.


Christopher
 
Old 12-09-2008, 08:56 PM
Celejar
 
Unrestrict chown?

On Tue, 9 Dec 2008 13:53:47 -0800 (PST)
Arc Roca <tonroca@yahoo.com> wrote:

> That would be a terrible thing to happen, that anyone could appropriate your files to themselves.

I've been wondering about this; what would be the problem with the OS
allowing user1 to chown his files to user2, assuming we don't allow
this to occur with suid executables, of course.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


 
Old 12-09-2008, 09:03 PM
Sven Joachim
 
Unrestrict chown?

On 2008-12-09 22:56 +0100, Celejar wrote:

> On Tue, 9 Dec 2008 13:53:47 -0800 (PST)
> Arc Roca <tonroca@yahoo.com> wrote:
>
>> That would be a terrible thing to happen, that anyone could appropriate your files to themselves.
>
> I've been wondering about this; what would be the problem with the OS
> allowing user1 to chown his files to user2, assuming we don't allow
> this to occur with suid executables, of course.

It would be a DoS against user2 if disk quotas are used.

Sven


 
Old 12-09-2008, 09:19 PM
Scott Gifford
 
Unrestrict chown?

Sven Joachim <svenjoac@gmx.de> writes:

> On 2008-12-09 22:56 +0100, Celejar wrote:
>
>> On Tue, 9 Dec 2008 13:53:47 -0800 (PST)
>> Arc Roca <tonroca@yahoo.com> wrote:
>>
>>> That would be a terrible thing to happen, that anyone could appropriate your files to themselves.
>>
>> I've been wondering about this; what would be the problem with the OS
>> allowing user1 to chown his files to user2, assuming we don't allow
>> this to occur with suid executables, of course.
>
> It would be a DoS against user2 if disk quotas are used.

It would also make it impossible to identify which user had created a
file, which could be important if a file is a malicious program or
just very large.

-----Scott.


 
Old 12-09-2008, 09:21 PM
Scott Gifford
 
Unrestrict chown?

Christopher Zimmermann <madroach@zakweb.de> writes:

> Hi!
>
> On my Debian box using the Linux kernel it's not possible to give away files:
>
> madroach@machine:~% touch foo
> madroach@machine:~% chown otheruser foo
> chown: changing ownership of `foo': Operation not permitted
>
> Only root can change file owners. Is it possible to configure this
> behaviour and allow all users to chown their own files? I read this was
> possible on Solaris and several other unices and wonder if it is
> possible with Linux.

As others have mentioned, normally this is a bad idea. But if you
have a specialized need for it, you can write a small program to open
the file, check the owner with fstat, then change the owner with
fchown. If you install this program setuid it will let you give this
capability to your users.

If you just need this for a particular application, it could check if
the files match some other criteria, like being in the right
directory.

If you used this approach, you would need to take great care in
writing the program so it doesn't allow users to give away others'
files.

-----Scott.


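One way to build the setuid helper Scott describes, written here as an added example rather than code from the thread. The hypothetical give_away() takes an allowed directory, a bare file name and the new owner's uid; it rejects symlinks and non-regular files, compares the file's owner (via fstat) with the invoking real uid, strips setuid/setgid, and only then calls fchown. The result codes and the "install it setuid root" deployment are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes of the hypothetical give_away() helper below. */
enum { GA_OK = 0, GA_BAD_NAME = -1, GA_OPEN = -2, GA_STAT = -3,
       GA_NOT_REGULAR = -4, GA_NOT_OWNER = -5, GA_CHMOD = -6, GA_CHOWN = -7 };

/* Give the regular file `name` inside directory `dir` to `new_owner`, but
 * only if the invoking real user owns it. Meant to be installed setuid
 * root (an assumption of the deployment); the checks below are what keep
 * it from turning into a general-purpose chown for everyone. */
int give_away(const char *dir, const char *name, uid_t new_owner)
{
    /* A bare file name only: no empty name, no '/', no "." or "..", so the
     * caller cannot point the helper at files outside `dir`. */
    if (name[0] == '\0' || strchr(name, '/') != NULL ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return GA_BAD_NAME;

    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0)
        return GA_OPEN;
    /* O_NOFOLLOW: a symlink planted in `dir` must not redirect the chown. */
    int fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    close(dfd);
    if (fd < 0)
        return GA_OPEN;

    /* Every check runs on the open descriptor, so the file cannot be
     * swapped between the check and the fchown (no TOCTOU on the path). */
    struct stat st;
    int rc = GA_OK;
    if (fstat(fd, &st) != 0)
        rc = GA_STAT;
    else if (!S_ISREG(st.st_mode))
        rc = GA_NOT_REGULAR;
    /* Compare with the real uid, not the effective (root) uid. */
    else if (st.st_uid != getuid())
        rc = GA_NOT_OWNER;
    /* Drop setuid/setgid explicitly before the owner changes rather than
     * relying on the kernel to do it on chown. */
    else if (fchmod(fd, (st.st_mode & 07777) & ~(S_ISUID | S_ISGID)) != 0)
        rc = GA_CHMOD;
    else if (fchown(fd, new_owner, (gid_t)-1) != 0)
        rc = GA_CHOWN;
    close(fd);
    return rc;
}
```

Run unprivileged, the kernel still only permits giving a file to its current owner, so a local test can exercise every check except the final cross-user chown.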
 
Old 12-09-2008, 09:30 PM
Celejar
 
Unrestrict chown?

On Tue, 09 Dec 2008 23:03:38 +0100
Sven Joachim <svenjoac@gmx.de> wrote:

> On 2008-12-09 22:56 +0100, Celejar wrote:
>
> > On Tue, 9 Dec 2008 13:53:47 -0800 (PST)
> > Arc Roca <tonroca@yahoo.com> wrote:
> >
> >> That would be a terrible thing to happen, that anyone could appropriate your files to themselves.
> >
> > I've been wondering about this; what would be the problem with the OS
> > allowing user1 to chown his files to user2, assuming we don't allow
> > this to occur with suid executables, of course.
>
> It would be a DoS against user2 if disk quotas are used.

Good point. I suppose that danger will also exist if user2 has any
file at all that is world writable. Running 'find ~ -perm /o+w -type f'
seems to indicate that I don't have any, so I guess I'm safe ...

> Sven

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


 
Old 12-09-2008, 09:53 PM
"Boyd Stephen Smith Jr."
 
Unrestrict chown?

On Tuesday 2008 December 09 16:21:54 Scott Gifford wrote:
>Christopher Zimmermann <madroach@zakweb.de> writes:
>> Hi!
>>
>> On my Debian box using the Linux kernel it's not possible to give away files,
>> only root can change file owners. Is it possible to configure this
>> behaviour and allow all users to chown their own files?
>
>As others have mentioned, normally this is a bad idea. But if you
>have a specialized need for it, you can write a small program to open
>the file, check the owner with fstat, then change the owner with
>fchown. If you install this program setuid it will let you give this
>capability to your users.
>
>If you used this approach, you would need to take great care in
>writing the program so it doesn't allow users to give away others'
>files.

While your technique is effective, it might be better to modify the existing
chmod source. Otherwise you lose (or have to re-implement) all the nice
features like -R. Do it right (including handling the case where chown
isn't suid, as well as various security issues) and you might be able to get
upstream to accept it as an option
(e.g. ./configure --with-restricted-chown-override-when-suid-root).
--
Boyd Stephen Smith Jr.
bss03@volumehost.net
ICQ: 514984 YM/AIM: DaTwinkDaddy
http://iguanasuicide.org/
 
Old 12-09-2008, 10:01 PM
Christopher Zimmermann
 
Unrestrict chown?

On Tue, 09 Dec 2008 23:03:38 +0100
Sven Joachim <svenjoac@gmx.de> wrote:

> On 2008-12-09 22:56 +0100, Celejar wrote:
>
> > On Tue, 9 Dec 2008 13:53:47 -0800 (PST)
> > Arc Roca <tonroca@yahoo.com> wrote:
> >
> >> That would be a terrible thing to happen, that anyone could appropriate your files to themselves.
> >
> > I've been wondering about this; what would be the problem with the OS
> > allowing user1 to chown his files to user2, assuming we don't allow
> > this to occur with suid executables, of course.
>
> It would be a DoS against user2 if disk quotas are used.

Before disk quotas were introduced in BSD it was possible for a user to
give away his files. A chown was possible if the UID of user and file
matched, but setuid and setgid were cleared on the file.

I read something about capabilities(7). CAP_CHMOD looks like a
solution. But I don't manage to change the capabilities on my files:

madroach@pundit:~% sudo getpcaps $$
Capabilities for `25117': =eip
cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap-eip
madroach@machine:~% sudo setcap 'cap_chown=eip' foo
Failed to set capabilities on file `foo' (Operation not permitted)

Do I need special filesystem support for this to work? Or what's the
matter?


Christopher