Operating System - HP-UX
1839311 Members
3104 Online
110138 Solutions
New Discussion

Re: how can one user deny other user use chown command tochange file owner to hime

 
SOLVED
Go to solution
常有慈悲心
Regular Advisor

how can one user deny other user use chown command tochange file owner to hime

one user find that some other user ofter
create some file and change owner to him.
how can he deny this?
4 REPLIES 4
Biswajit Tripathy
Honored Contributor
Solution

Re: how can one user deny other user use chown command tochange file owner to hime

Not sure if "setprivgrp" command can help you.
See:
$ man 1M setprivgrp

- Biswajit
:-)
Patrick Wallek
Honored Contributor

Re: how can one user deny other user use chown command tochange file owner to hime

The only real way I know of is to restrict permissions to the chown command itself. Taking away the read and execute permission for world/other would do it.

Other than that, there is no way I know of.
A. Clay Stephenson
Acclaimed Contributor

Re: how can one user deny other user use chown command tochange file owner to hime

Even if you did remove the other execute permission bits of the chown command, it would be trivially easy to write a 2 or 3 line c program to do this or a Perl script.
It is simply fundamental to UNIX that the owner of a file is able to change a file attributes. Granting file ownership to anoter user is considered perfectly normal in the UNIX world.


What you might consider doing (although it is not foolproof) is to create a wrapper script for the chown command and set PATH so that the wrapper chown command is found before the "real" chown. You could log who is doing it, to which files, and when.
If it ain't broke, I can fix that.
常有慈悲心
Regular Advisor

Re: how can one user deny other user use chown command tochange file owner to hime

setprivgrp -n CHOWN

then when you su - user1,
chown user2 f1

it will tell not owner.