| Title: | DIGITAL UNIX (FORMERLY KNOWN AS DEC OSF/1) |
| Notice: | Welcome to the Digital UNIX Conference |
| Moderator: | SMURF::DENHAM |
| Created: | Thu Mar 16 1995 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 10068 |
| Total number of notes: | 35879 |
Following are two mails sent to me by a customer. They explain what the
problem is.
I've looked at all notes concerning chown, and did not find the solution.
Can someone please help?
I noticed that there is a _POSIX_CHOWN_RESTRICTED parameter in
/usr/include/unistd.h. Now how do I go about implementing it?
Thanks,
Alex
---------------------------------------------------------------
Alex,
We are porting one of our systems to DEC, but we encountered a problem.
Part of the system is Special Admin Utils which are creating files for
users and when the files are ready the automatic processing needs to
change the owner of those files to the appropriate users.
Digital's version of the "chown" command does not allow users without
'superuser authority' (by the way, what does it mean? May any user other
than root be authorized as superuser?).
Do you have a "normal" version of the command? Can you offer a solution
to the problem?
Thanks,
Itsik
Alex,
Just for your knowledge -
On our SUN hosts (SOLARIS 2.5.1) the "chown" depends on
a configuration option, _POSIX_CHOWN_RESTRICTED.
Only when this option is in effect is the owner of the file prevented
from changing the owner ID of the file.
Regards,
Itsik
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 9617.1 | chown by user not supported | NNTPD::"majeske@alpha.zk3.dec.com" | Ann Majeske | Tue Apr 29 1997 13:57 | 28 |
I found a couple of reasons why Digital UNIX does not support users other
than "root" using the chown(1) command. The first was the response to
QAR 25961:
Answer Text (25961) (lines wrap at 100 characters)
David Smith 9/15/95
dsmith@unx.dec.com
The FIPS (Federal Information Processing Standard) requires that
the _POSIX_CHOWN_RESTRICTED variable is always on, and since we
are FIPS-compliant, we do not need to worry about the case that
it is not on.
The second was in my old mail:
It's a well-known denial-of-service attack against filesystem
quotas.
Given the proper scenario (*which I will NOT include here!*) and the
ability for a non-root user to use "chown" to change ownership of a file
to another user, the first user can fill up the second user's disk
quota with files which the second user can't find, and couldn't unlink
even if he could find them.
But, you or your customer should be able to write a setuid program to
supply the functionality they need without using chown(1).
[Posted by WWW Notes gateway]
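
A sketch of the check-and-change step that a setuid helper of the kind suggested above could use, as an added example that is not part of the original notes and is not the chown that was eventually built. The function name `handoff_file`, the dedicated spool directory and the policy checks are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical core of a setuid hand-off helper. dirfd is an already-open,
 * trusted spool directory; name is one entry in it; expected_owner is the
 * real UID of the caller (getuid() in the setuid binary).
 * Returns 0 on success, -1 with errno set on refusal or failure. */
int handoff_file(int dirfd, const char *name, uid_t expected_owner,
                 uid_t new_owner, gid_t new_group)
{
    struct stat st;
    int fd, rc, saved;

    /* Accept a single path component only: no "/", ".", ".." or "". */
    if (name[0] == '\0' || strchr(name, '/') != NULL ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
        errno = EINVAL;
        return -1;
    }
    /* O_NOFOLLOW refuses a symlink as the final component; O_NONBLOCK
     * keeps open() from hanging on a FIFO planted in the directory. */
    fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* All checks and the ownership change use the descriptor, so the
     * object cannot be swapped between check and use. */
    if (fstat(fd, &st) != 0) {
        rc = -1;
    } else if (!S_ISREG(st.st_mode) || st.st_nlink != 1 ||
               st.st_uid != expected_owner ||
               (st.st_mode & (S_ISUID | S_ISGID)) != 0) {
        errno = EPERM;          /* not a plain, singly linked, caller-owned file */
        rc = -1;
    } else {
        rc = fchown(fd, new_owner, new_group);
    }
    saved = errno;
    close(fd);
    errno = saved;
    return rc;
}
```

The surrounding program still has to open the spool directory itself, take `expected_owner` from `getuid()`, and decide which target users are allowed.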
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 9617.2 | Wrote my own chown | TAMIR::LANDSBERG | Internets success will also be its downfall | Tue May 27 1997 05:45 | 10 |
Thanks Ann,
I pulled chown sources from the FreeBSD kit on gatekeeper, hacked it
around a bit and gave it to the customer.
The customer is happy and so am I.
Regards,
Alex