Use chown as regular user? - Help


  1. Use chown as regular user?

    I want to be able to use chown as a regular user instead of having to do it
    as root. A Google search showed that I should have the line "set
    rstchown=0" in /etc/system. However, Mandrake 9.1 doesn't seem to have
    that file. What is the equivalent file in Mandrake, or how can I make it
    let me use chown as a regular user?

    Charles

  2. Re: Use chown as regular user?

    Charles A. Burge wrote:
    > I want to be able to use chown as a regular user instead of having to do it
    > as root. A Google search showed that I should have the line "set
    > rstchown=0" in /etc/system. However, Mandrake 9.1 doesn't seem to have
    > that file. What is the equivalent file in Mandrake, or how can I make it
    > let me use chown as a regular user?
    >
    > Charles



    I don't have a Mandrake system, but on Fedora it's controlled with "sysctl":

    # sysctl -a | grep chown
    fs.xfs.restrict_chown = 1


    --
    Tony Lawrence
    Unix/Linux/Mac OS X resources: http://aplawrence.com

  3. Re: Use chown as regular user?

    In article <23Vge.35$h86.18@tornado.socal.rr.com>, Charles A. Burge wrote:

    >I want to be able to use chown as a regular user instead of having to do it
    >as root. A Google search showed that I should have the line "set
    >rstchown=0" in /etc/system. However, Mandrake 9.1 doesn't seem to have
    >that file.


    I _think_ that is the file that POSIX suggests. However, I don't know
    that many *nix that follow that. Doing a 'strings' of /bin/chown doesn't
    turn up that hint.

    Background: Originally, Bell Labs UNIX allowed anyone to run chown. In
    the early 1980s, Berkeley changed that behavior to 'root only'. The reason
    was two-fold. First, the original behavior allowed users to circumvent
    disk quotas. Second, it was a security hole, that allowed miscreants to
    "frame" another user. Many UNIX vendors did follow this concept. When
    POSIX came along, and had to choose, they weaseled on the issue, and said
    both behaviors were correct, allowing the mode to be determined by a
    system configuration file - I'm afraid I don't have the name, and I
    don't have a copy of the POSIX document. A few of my old SystemV manuals
    mention the old behavior, but the several that I scanned all admit that
    this is not a good idea, and the command should be chmod to 750 to prevent
    users from using the command.

    >What is the equivalent file in Mandrake, or how can I make it let me use
    >chown as a regular user?


    The best suggestion would be to use 'sudo' and you can make it such that
    you are not requested for a password (the default behavior). A much
    less satisfactory solution would be to make the /bin/chown binary SUID.
    This is NOT recommended, and the security stuff on your Mandrake system
    would probably reset the permissions back to normal just because it is
    such a bad idea.

    Old guy

  4. Re: Use chown as regular user?

    Charles A. Burge wrote:
    > I want to be able to use chown as a regular user instead of having to do it
    > as root. A Google search showed that I should have the line "set
    > rstchown=0" in /etc/system. However, Mandrake 9.1 doesn't seem to have
    > that file. What is the equivalent file in Mandrake, or how can I make it
    > let me use chown as a regular user?
    >
    > Charles

    It's in /proc/sys; do a find for -name "*chown*" and see where on your
    system. If you let anyone untrusted use the system, I suggest you
    consider the need. It's your system, just be aware that while you can
    restrict access to the chown command you can't prevent an untrusted user
    from making the syscall in another way.

    Is there a capability trick I'm missing?

    --
    bill davidsen
    SBC/Prodigy Yorktown Heights NY data center
    http://newsgroups.news.prodigy.com

  5. Re: Use chown as regular user?

    I know this is a dated post, but after lots of searching, I thought I would post my finding here, as I hope it helps other users.

    The problem I had was that I need to change ownership of files created due to them being accessed via Samba (CIFS) shares, and needing a single owner to coincide with the unix owner - to maintain ownership and permissions across the different platforms on my network.

    Example:
    FILE.A is created by userB and copied to a location owned by userA. Ownership of the CIFS share is userA. The following command is issued by userB:

    $ chown userA FILE.A

    Because some flavors of linux/unix do not allow giving away ownership of files, even those you own, you would get the "not owner" error. Now the magic! If you issue the following command as root, you can then perform the chown command without the error:

    # chmod 4755 /usr/bin/chown

    This is controversial, and not recommended if your system is openly accessed, or has users you need to control. What this does is perform a setuid on the chown command itself, which forces the command to run as root each time it is run. This is only a quick workaround, in the event your system does not have a setting in /proc/sys (or via sysctl or /etc/system), and you have scripts that need to change ownership of files they create. The alternative is to use sudo without password for the chown command:

    # visudo (or vi /etc/sudoers)

    insert the following line:
    username ALL = NOPASSWD: /bin/chown
    or
    ALL ALL = NOPASSWD: /bin/chown [less secure]

    Mind that you only need to perform either of the above on the system you need to change ownership - for instance, if system B is preventing you from changing ownership on files, and it is providing an NFS mount, and you are creating files on system A mounted to it, you would only need the workaround on system A.

    If you got here, odds are you had the same problem as I did. Just be aware of what this does (google sudo setuid and chmod).
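
Added example, not part of the thread: a shell audit that finds the two workarounds described in post 5 on a host, namely a setuid bit on the chown binary and a sudoers rule granting passwordless chown. The function names, the `backup` rule and the sample sudoers content are constructed for illustration; the sudoers match is a simplified line check, not a full parser.

```sh
#!/bin/sh
# Added example: audit for the two chown workarounds from the thread.

# True if an octal mode string (as printed by `stat -c %a`) has the setuid bit.
mode_is_setuid() {
    [ $(( 0$1 & 04000 )) -ne 0 ]
}

# Report chown binaries that carry the setuid bit (GNU/busybox stat assumed).
audit_chown_binaries() {
    for bin in "$@"; do
        [ -e "$bin" ] || continue
        mode=$(stat -L -c %a "$bin" 2>/dev/null) || continue
        if mode_is_setuid "$mode"; then
            echo "HIGH: $bin is setuid (mode $mode); restore with: chmod 0755 $bin"
        fi
    done
    return 0
}

# Report sudoers rules that grant passwordless chown. Simplified line match,
# not a full sudoers parser: aliases and line continuations are not resolved.
audit_sudoers() {
    awk '
        /^[ \t]*#/ { next }    # comments and #include directives
        /NOPASSWD:/ && /\/chown([ \t,]|$)/ {
            sev = ($1 == "ALL") ? "HIGH" : "MEDIUM"
            print sev ": line " NR ": " $1 " can run chown as root without a password"
        }
    ' "$1"
}

# Constructed sample: the two sudoers lines from the post plus an unrelated rule.
sample_sudoers() {
    printf '%s\n' \
        '# constructed sample, not a real host configuration' \
        'username ALL = NOPASSWD: /bin/chown' \
        'ALL ALL = NOPASSWD: /bin/chown' \
        'backup ALL = NOPASSWD: /usr/bin/rsync'
}

tmp=$(mktemp)
sample_sudoers > "$tmp"
audit_sudoers "$tmp"
audit_chown_binaries /bin/chown /usr/bin/chown
rm -f "$tmp"
```

To check a real host, run `audit_sudoers /etc/sudoers` as root and repeat it for each file under `/etc/sudoers.d`.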
