Subject: Re: chown, quotas and security
To: None <current-users@netbsd.org>
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
List: current-users
Date: 11/05/1994 20:08:11
>> Now, I don't see any reason to deny chown() to a normal user given
>> that quotas are not enabled; i.e. if there are no quotas, should one
>> not be able to give away files?

Assuming, of course, that the setuid/setgid bits are cleared in the
process, I see no great harm in it.

>> I was wondering if there should be a "nochown" (or "chown", if the
>> nochown would be the default) flag for the ufs filesystem.

> you can allow users to chown files by making the chown utility suid
> to root.

But that allows _all_ chowning (unless of course you have a chown
specifically designed to be set up this way).  What we want is to be
able to give files away but not to steal files.

> When a user-level solution for a site specific option such as this is
> available I say leave the kernel alone.

I think I'm with you on this one, philosophically.  Any volunteers to
make chown(1) (or is it chown(8)?) recognize that it's setuid root and
implement give-away-allowed chowning?

Hmmm.  On second thought, it does kinda need to be in the kernel,
'cause you should be able to give files away only on filesystems that
don't have quotas enabled.  Unless you want chown(1/8) to figure out
whether the file in question is on a filesystem with quotas....

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu
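
Added example, not part of the original message and not NetBSD code: a sketch in C of the give-away-only check a setuid-root chown helper would need. The function names are hypothetical, the restriction to regular files is an assumption, and whether quotas are enabled is passed in as a flag because detecting that is filesystem-specific.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits the file keeps after a give-away: setuid/setgid stripped. */
mode_t giveaway_mode(mode_t mode)
{
    return mode & 07777 & ~(mode_t)(S_ISUID | S_ISGID);
}

/* Policy only: 0 if `caller` may give this file away, else -1 with errno set. */
int giveaway_allowed(const struct stat *st, uid_t caller, int quotas_enabled)
{
    if (quotas_enabled) { errno = EPERM; return -1; }         /* would shift quota charges */
    if (!S_ISREG(st->st_mode)) { errno = EINVAL; return -1; } /* assumption: regular files only */
    if (st->st_uid != caller) { errno = EPERM; return -1; }   /* give away, never steal */
    return 0;
}

/* Works on an open descriptor so the file checked is the file changed. */
int giveaway_fd(int fd, uid_t caller, uid_t new_owner, int quotas_enabled)
{
    struct stat st;
    if (fstat(fd, &st) == -1) return -1;
    if (giveaway_allowed(&st, caller, quotas_enabled) == -1) return -1;
    /* Strip setuid/setgid before the hand-over, so a failure leaves the safer state. */
    if (fchmod(fd, giveaway_mode(st.st_mode)) == -1) return -1;
    return fchown(fd, new_owner, (gid_t)-1);                  /* group left unchanged */
}

/* Usage: giveaway FILE NEW_UID, installed setuid root (hypothetical helper). */
int main(int argc, char **argv)
{
    if (argc != 3) return 2;
    int fd = open(argv[1], O_RDONLY | O_NOFOLLOW);
    /* Real uid is the invoking user; quotas_enabled=0 is an assumption for this sketch. */
    if (fd == -1 || giveaway_fd(fd, getuid(), (uid_t)strtoul(argv[2], NULL, 10), 0) == -1) {
        perror("giveaway");
        return 1;
    }
    return 0;
}
```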