Operating System - Linux
1748185 Members
4362 Online
108759 Solutions
New Discussion юеВ

Re: Is there a version of chown for Linux for non-root users?

 
SOLVED
Go to solution
Sharon Prothero
Frequent Advisor

Is there a version of chown for Linux for non-root users?

Does any one know of a version of chown for RHEL4 which works the same way as chown on HP-UX? i.e. a version which allows a non-root user to give away ownership.

I know all the business about well-designed use of groups etc, etc, but we have over 15 years of HP-UX legacy set-up to overlay on to new Linux systems and this would be a lot less aggro than me as the root user having to modify all the current ownerships and permissions.
10 REPLIES 10
Steven E. Protter
Exalted Contributor

Re: Is there a version of chown for Linux for non-root users?

Shalom,

One version of chown

It works for all users.

Regular users can not execute chown on things they do not own. That is the way unix permissions work.

The command doesn't work any differently on HP-UX.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ivan Ferreira
Honored Contributor

Re: Is there a version of chown for Linux for non-root users?

Linux won't allow you to chown a file, you do can chgrp a file if you are member of the new group.

This avoid security problems that could be caused by using the chown command, for example, creating a SUID program with a regular user and chown to root is a great security risk.

I think it's time to change your security model.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Patrick Wallek
Honored Contributor
Solution

Re: Is there a version of chown for Linux for non-root users?

I ran into this problem on SLES as well.

What I finally did to work around it was to change the permissions on /bin/chown so that the setuid is set.

My chown now looks like:

-rwsr-xr-x 1 root root 43472 May 3 2007 /bin/chown*

The normal chown permssions are:

-rwxr-xr-x 1 root root 43472 May 3 2007 /bin/chown*


I am also perfectly aware that this is a security hole. At this point in time, with the limited user access on this one system, I can live with it.
Sharon Prothero
Frequent Advisor

Re: Is there a version of chown for Linux for non-root users?

SEP,
The command is different between HP-UX and RHEL - a non-root RHEL user cannot change ownership of files they own; transcripts below.

$ uname
Linux
$ who am i
13784sp pts/3 Feb 9 10:50 (greebo)
$ ll
total 0
-rw-r--r-- 1 13784sp logica 0 Feb 9 15:05 blahh
$ chown root blahh
chown: changing ownership of `blahh': Operation not permitted

--------------------------------------------

$ uname
HP-UX
$ who am i
13784sp pts/tb Feb 9 15:02
$ ll
total 0
-rw-rw-rw- 1 13784sp logica 0 Feb 9 15:02 blahh
$ chown root blahh
$ ll
total 0
-rw-rw-rw- 1 root logica 0 Feb 9 15:02 blahh
$

I suppose I could just nfs mount everything from the Linux boxes and let the users change the permissions on a remaining HP-UX system. Or they can copy them to their PC as the account which owns the file and then copy back using the intended destination account.

Looks like I'll spend the next fortnight changing permissions and ownerships.


Sharon Prothero
Frequent Advisor

Re: Is there a version of chown for Linux for non-root users?

Thanks, Patrick. That at least gives me a work around if/when I need it. Some of our other settings may not meet security best practice, so we can probably live with one more occasionally.
Sharon Prothero
Frequent Advisor

Re: Is there a version of chown for Linux for non-root users?

chmod +s chown
Ivan Ferreira
Honored Contributor

Re: Is there a version of chown for Linux for non-root users?

In this case, you should at least create a script the wraps the chown command to ensure that the calling user is owner of the file to change.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Goran┬аKoruga
Honored Contributor

Re: Is there a version of chown for Linux for non-root users?

Heh this brings back memories of how we used this anomaly in 'chown' on HP-UX to get arround quota ...

Goran
Sharon Prothero
Frequent Advisor

Re: Is there a version of chown for Linux for non-root users?

Thanks for the pointer about wrapping chown in a script. Looks like we're making RHEL chown work like HP-UX chown at last.