Subject: Re: chown, quotas and security
To: Greg A. Woods <firstname.lastname@example.org>
From: I can teach you how to fish... <email@example.com>
Date: 11/07/1994 13:28:39
I'm not convinced that it would. There is a _POSIX_CHOWN_RESTRICTED
option in a POSIX environment (see sysconf()), and if that flag
is in effect, chown is restricted to the superuser.
Of course, this would severely bloat the kernel to have it in there
at run-time (and it would be a performance hit), so it's probably
better to have a compile-time flag which sets it appropriately
(how often are you *really* going to be twiddling this bit?).
And if chown is permitted, the group doesn't matter, as I said
earlier. I suspect the key element here is that the set?id bits
get cleared if a non-super-user does this.
Of course if you do something to really screw up access permissions as on,
say, a directory, then you lose, but, hey, isn't that what UNIX is
"UNIX does not stop you from doing really stupid things, because then
UNIX would be stopping you from doing really clever things."
-- Doug Gwyn
_______Wizardry is dead._____ _____WHO: Greywolf (my nameplate even says so)
/ ___\ _ \ __\ V / \ / /__ \| | __/WHAT: UNIX System Mangler...er, Admin
\ \| | < _| ` ' \ '` / \/ /|_| _/ WHERE: Autodesk, Inc. 3 Harbor Dr.
\___|_|\_\__\|_| \/\/ \__/___/_| Sausalito, CA 94965 (415) 332-2344 x4219
see also: firstname.lastname@example.org