HPE Community
Operating System - HP-UX
1827197 Members
2620 Online
109716 Solutions
New Discussion

chown

 
j773303
Super Advisor

‎12-25-2003 05:28 PM

‎12-25-2003 05:28 PM

chown

Is it possible let user can't change file owner and group?
For ex:
ll test1, the output as below
--------- file1 test1 users

Then, how to let user test1 can't change owner and group, I try chown bin:bin file1, it's ok to change it, but I don't want to change the user file owner and group, only the root can change it.
Hero
0 Kudos
Reply
7 REPLIES 7
T G Manikandan
Honored Contributor

‎12-25-2003 07:20 PM

‎12-25-2003 07:20 PM

Re: chown

Any owner of a file can do a chown on that file change ownership to another user.

If you want to disable the chown for a user.Make sure that is home directory and files are not owned by him.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎12-25-2003 07:23 PM

‎12-25-2003 07:23 PM

Re: chown

easy way.

let root own the file.

Or follow the advice in the prior post.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
j773303
Super Advisor

‎12-25-2003 07:30 PM

‎12-25-2003 07:30 PM

Re: chown

setprivgrp -n CHOWN

Any impact or security issue on this? Thanks.
Hero
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎12-25-2003 08:59 PM

‎12-25-2003 08:59 PM

Re: chown

That command will take the CHOWN for all groups/users.
0 Kudos
Reply
Michael Schulte zur Sur
Honored Contributor

‎12-26-2003 12:18 AM

‎12-26-2003 12:18 AM

Re: chown

Hi,

I think, the user must have rights to write for the direcory and the file. The access for file1 is nothing. Changing the owner ship for a non root user to another user wont work.

greetings,

Michael
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎12-26-2003 05:41 AM

‎12-26-2003 05:41 AM

Re: chown

The owner of a file can change the ownership of their own files. Simply change the ownership to another user such as test2 (or root). Then test1 cannot change the ownership (error = not owner). The file contents can be read or written as controlled by the permissions of the file, BUT the file's existence (ie, mv or rm) is NOT controlled by the file's permissions/ownerships, it is controlled by the directory's permissions/ownerships.


Bill Hassell, sysadmin
0 Kudos
Reply
hein coulier
Frequent Advisor

‎12-28-2003 08:34 PM

‎12-28-2003 08:34 PM

Re: chown

I was thinking that acl's could provide the solution, but 'man 5 acl' is repeting previous posts :

The right to alter DAC information (permission bits or ACL entries). Change permission is granted to object (file) owners and to privileged users.

so even a "chacl (${ownername}.%, ---) *" should not work. However, i remember i examinded the veritas acl-version (that comes with jfs4 if memory servers me well), and that is had a different behaviour than the standard acl. Unfortunatly, i don't have any system with the veritas acl-soft on, so i can't help you any further.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.