topic Re: Is there a version of chown for Linux for non-root users? in Operating System - Linux

Is there a version of chown for Linux for non-root users?

Sharon Prothero — Tue, 09 Feb 2010 11:38:16 GMT

Does any one know of a version of chown for RHEL4 which works the same way as chown on HP-UX? i.e. a version which allows a non-root user to give away ownership.

I know all the business about well-designed use of groups etc, etc, but we have over 15 years of HP-UX legacy set-up to overlay on to new Linux systems and this would be a lot less aggro than me as the root user having to modify all the current ownerships and permissions.

Re: Is there a version of chown for Linux for non-root users?

Steven E. Protter — Tue, 09 Feb 2010 13:21:42 GMT

Shalom,

One version of chown

It works for all users.

Regular users can not execute chown on things they do not own. That is the way unix permissions work.

The command doesn't work any differently on HP-UX.

SEP

Re: Is there a version of chown for Linux for non-root users?

Ivan Ferreira — Tue, 09 Feb 2010 13:52:39 GMT

Linux won't allow you to chown a file, you do can chgrp a file if you are member of the new group.

This avoid security problems that could be caused by using the chown command, for example, creating a SUID program with a regular user and chown to root is a great security risk.

I think it's time to change your security model.

Re: Is there a version of chown for Linux for non-root users?

Patrick Wallek — Tue, 09 Feb 2010 15:16:14 GMT

I ran into this problem on SLES as well.

What I finally did to work around it was to change the permissions on /bin/chown so that the setuid is set.

My chown now looks like:

-rwsr-xr-x 1 root root 43472 May 3 2007 /bin/chown*

The normal chown permssions are:

-rwxr-xr-x 1 root root 43472 May 3 2007 /bin/chown*

I am also perfectly aware that this is a security hole. At this point in time, with the limited user access on this one system, I can live with it.

Re: Is there a version of chown for Linux for non-root users?

Sharon Prothero — Tue, 09 Feb 2010 15:17:19 GMT

SEP,
The command is different between HP-UX and RHEL - a non-root RHEL user cannot change ownership of files they own; transcripts below.

$ uname
Linux
$ who am i
13784sp pts/3 Feb 9 10:50 (greebo)
$ ll
total 0
-rw-r--r-- 1 13784sp logica 0 Feb 9 15:05 blahh
$ chown root blahh
chown: changing ownership of `blahh': Operation not permitted

--------------------------------------------

$ uname
HP-UX
$ who am i
13784sp pts/tb Feb 9 15:02
$ ll
total 0
-rw-rw-rw- 1 13784sp logica 0 Feb 9 15:02 blahh
$ chown root blahh
$ ll
total 0
-rw-rw-rw- 1 root logica 0 Feb 9 15:02 blahh
$

I suppose I could just nfs mount everything from the Linux boxes and let the users change the permissions on a remaining HP-UX system. Or they can copy them to their PC as the account which owns the file and then copy back using the intended destination account.

Looks like I'll spend the next fortnight changing permissions and ownerships.

Re: Is there a version of chown for Linux for non-root users?

Sharon Prothero — Tue, 09 Feb 2010 15:24:25 GMT

Thanks, Patrick. That at least gives me a work around if/when I need it. Some of our other settings may not meet security best practice, so we can probably live with one more occasionally.

Re: Is there a version of chown for Linux for non-root users?

Sharon Prothero — Tue, 09 Feb 2010 15:26:46 GMT

chmod +s chown

Re: Is there a version of chown for Linux for non-root users?

Ivan Ferreira — Tue, 09 Feb 2010 18:55:52 GMT

In this case, you should at least create a script the wraps the chown command to ensure that the calling user is owner of the file to change.

Re: Is there a version of chown for Linux for non-root users?

Goran Koruga — Wed, 10 Feb 2010 06:21:59 GMT

Heh this brings back memories of how we used this anomaly in 'chown' on HP-UX to get arround quota ...

Goran

Re: Is there a version of chown for Linux for non-root users?

Sharon Prothero — Wed, 10 Feb 2010 10:30:47 GMT

Thanks for the pointer about wrapping chown in a script. Looks like we're making RHEL chown work like HP-UX chown at last.

Re: Is there a version of chown for Linux for non-root users?

Dennis Handly — Sun, 14 Feb 2010 09:06:20 GMT

>The command is different between HP-UX and RHEL

On HP-UX, you can configure chown to work either way, on Linux it appears you can't.