Subject: Re: chown, quotas and security
To: None <>
From: Jon Hamilton <>
List: current-users
Date: 11/05/1994 18:47:06
>> Now, I don't see any reason to deny chown() to a normal user given that
>> quotas are not enabled; i.e. if there are no quotas, should one not be
>> able to give away files?  (This is a simple #ifdef in the kernel.)
>> (in a development environment, it is sometimes desirable to be able to
>>  give files away so as not to trouble super-users with niggly little
>>  file-permission problems...  You could argue this, and someone probably
>>  will.  I still think this is not out of line.)
>> I was wondering if there should be a "nochown" (or "chown", if the nochown
>> would be the default) flag for the ufs filesystem.
>you can allow users to chown files by making the chown utility suid
>to root.  When a user-level solution for a site specific option such
>as this is available I say leave the kernel alone.

Generally when people talk about this, they intend to allow people to
"give away" files only.  Your solution will allow any user to chown
any file on the system, including ones they don't own.  

I agree that cluttering up the kernel would be wrong, though, and would
suggest either a setuid c wrapper around chown to check ownership
or hacking chown to do the check and making it setuid, the former
probably being preferable.

|   Jon Hamilton |      |
|   CS Solaris Systems Support Group, Iowa State University      |