
Conference turris::digital_unix

Title: DIGITAL UNIX (FORMERLY KNOWN AS DEC OSF/1)
Notice: Welcome to the Digital UNIX Conference
Moderator: SMURF::DENHAM
Created: Thu Mar 16 1995
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 10068
Total number of notes: 35879

9617.0. "how to chown to another user ?" by TAMIR::LANDSBERG (Internets success will also be its downfall) Thu Apr 24 1997 19:28

    Following are two mails sent to me by a customer. They explain what the
    problem is. 
    
    I've looked at all notes concerning chown, and did not find the solution. 
    
    Can someone please help ?
    
    I noticed that there is a _POSIX_CHOWN_RESTRICTED parameter in
    /usr/include/unistd.h. Now how do I go about implementing it?
    
    Thanks,
    
    Alex
    ---------------------------------------------------------------
    
Alex,

We are porting one of our systems to DEC, but we encountered a problem.

Part of the system is Special Admin Utils which are creating files for
users and when the files are ready the automatic processing needs to
change the owner of those files to the appropriate users.

The Digital version of the "chown" command does not allow users without
'superuser authority' (by the way, what does that mean? Can any user
other than root be authorized as superuser?).

Do you have a "normal" version of the command ? Can you offer a solution
to the problem ?

Thanks,
Itsik


Alex,

Just for your knowledge - 

On our SUN hosts (SOLARIS 2.5.1) the "chown" depends on
a configuration option, _POSIX_CHOWN_RESTRICTED.

Only when this option is in effect is the owner of the file prevented
from changing the owner ID of the file.

Regards,
Itsik

9617.1. "chown by user not supported" by NNTPD::"[email protected]" (Ann Majeske) Tue Apr 29 1997 14:57 (28 lines)

I found a couple reasons why Digital UNIX does not support users other
than "root" using the chown(1) command.  The first was the response to
QAR 25961:

   Answer Text (25961) (lines wrap at 100 characters)

   David Smith 9/15/95
   [email protected]

   The FIPS (Federal Information Processing Standard) requires that
   the _POSIX_CHOWN_RESTRICTED variable is always on, and since we
   are FIPS-compliant, we do not need to worry about the case that
   it is not on.

The second was in my old mail:

    It's a well-known denial-of-service attack against filesystem
    quotas.

    Given the proper scenario (*which I will NOT include here!*) and the
    ability for a non-root user to use "chown" to change ownership of a file 
    to another user, the first user can fill up the second user's disk
    quota with files which the second user can't find, and couldn't unlink 
    even if he could find them.

But, you or your customer should be able to write a setuid program to 
supply the functionality they need without using chown(1). 
[Posted by WWW Notes gateway]
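
An added example, not code from this thread or from Digital: how to ask the system whether _POSIX_CHOWN_RESTRICTED is in effect for a path, and the checks a setuid give-away helper of the kind suggested in 9617.1 should make before calling fchown(). The function names are hypothetical, and O_NOFOLLOW assumes a POSIX.1-2008 system rather than the 1997 releases discussed here.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
/* Function names are illustrative; assumes a POSIX.1-2008 system. */

/* 1 = only a privileged process may give files away on this filesystem,
 * 0 = owners may give files away, -1 = pathconf() failed (errno set). */
int chown_restricted(const char *path)
{
    errno = 0;
    long r = pathconf(path, _PC_CHOWN_RESTRICTED);
    if (r == -1)
        return errno ? -1 : 0;   /* -1 with errno untouched: option is off */
    return 1;                    /* any other value: option is in effect */
}

/* Open `path` for a handoff requested by real user `caller`.
 * Returns an fd that is safe to fchown(), or -1 if the request is refused. */
int open_for_handoff(const char *path, uid_t caller)
{
    struct stat st;
    /* O_NOFOLLOW rejects a final symlink; O_NONBLOCK avoids hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat the descriptor, not the name, so the checks and the later
     * fchown act on the same inode even if the path is swapped. */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||                /* plain files only */
        st.st_uid != caller ||                 /* caller must own it */
        st.st_nlink != 1 ||                    /* no extra hard links */
        (st.st_mode & (S_ISUID | S_ISGID))) {  /* never hand over set-id files */
        close(fd);
        return -1;
    }
    return fd;
}

/* Privileged step: only succeeds when the effective uid allows chown. */
int handoff(const char *path, uid_t caller, uid_t new_owner)
{
    int fd = open_for_handoff(path, caller);
    if (fd < 0)
        return -1;
    int rc = fchown(fd, new_owner, (gid_t)-1);   /* keep the group */
    close(fd);
    return rc;
}
```

Which recipients the helper accepts (the quota concern raised in the quoted mail) is a policy decision left to the caller of handoff().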

9617.2. "Wrote my own chown" by TAMIR::LANDSBERG (Internets success will also be its downfall) Tue May 27 1997 06:45 (10 lines)

    Thanks Ann,
    
    I pulled chown sources from the FreeBSD kit on gatekeeper, hacked it
    around a bit and gave it to the customer.
    
    The customer is happy and so am I.
    
    Regards,
    
    Alex