
Re: redhat 3.0 AS -- allowing user to change ownership of a file

 
Unix Administrator_5
Frequent Advisor

redhat 3.0 AS -- allowing user to change ownership of a file

Redhat does not allow non-privileged users the
ability to change ownership of a file, even if he owns it.

We have a need to have the ability to allow a user
to have this ability.

We have thought about having a wrapper script and then sudo it; however, I am concerned about the
options. Is there any way to keep the options safe, i.e. not have someone enter a crazy option that might execute arbitrary code as root?

Any ideas would be appreciated
Vitaly Karasik_1
Honored Contributor

Re: redhat 3.0 AS -- allowing user to change ownership of a file

Well, you may just provide sudo for chown, but in this case the user may create a suided shell :-)

May I ask *why* you need this ability? - probably we'll be able to answer using other unix tools.
Sergejs Svitnevs
Honored Contributor

Re: redhat 3.0 AS -- allowing user to change ownership of a file

Only root should be able to change the ownership of the file.
Here goes a trick of gaining root access:
if you set the SUID-bit on a program, it runs as the owner.

As root:
1) Create temporary directory /tmp/ch_own:
mkdir /tmp/ch_own
2) Copy /bin/chown to the directory as "script":
cp /bin/chown /tmp/ch_own/script
3) Turn the SUID bit ON using:
chmod +s /tmp/ch_own/script

Log in as a non-privileged user, then:
1) Create file demo.txt
2) Now change the ownership of demo.txt using:
/tmp/ch_own/script . demo.txt


Now any user can change the ownership of the file. But ... it is a serious security risk.

Regards,
Sergejs
Unix Administrator_5
Frequent Advisor

Re: redhat 3.0 AS -- allowing user to change ownership of a file

We are currently trying to come up with a safer way.

In response to the suid chown issue, if I remember correctly, HP-UX will not carry the suid bit when a file is copied.

But your points are well taken.
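
One way to build the restricted sudo wrapper asked about in this thread, as an added example that is not part of any poster's reply: it takes exactly two positional arguments, passes nothing through to chown, and does every check on an open file descriptor. The helper name `givefile`, its install path, the sudoers line and the accounts in `ALLOWED_TARGETS` are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""givefile FILE USER: hand a file you own to an allowlisted account (run via sudo)."""
# Assumed sudoers entry (hypothetical group and path):
#   %givers ALL=(root) NOPASSWD: /usr/local/sbin/givefile
import os
import pwd
import stat
import sys

ALLOWED_TARGETS = {"appuser", "batch"}  # hypothetical accounts; root is never listed


def give_file(path, target_uid, caller_uid):
    """Change the owner of `path` to target_uid if caller_uid owns it."""
    # O_NOFOLLOW refuses a symlink as the last path component; O_NONBLOCK keeps
    # a FIFO from hanging the open. Every later check uses the descriptor, so
    # the file cannot be swapped between validation and the ownership change.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != caller_uid:
            raise PermissionError("caller does not own this file")
        # Clear setuid/setgid explicitly instead of relying on chown to do it.
        keep = stat.S_IMODE(st.st_mode) & ~(stat.S_ISUID | stat.S_ISGID)
        os.fchmod(fd, keep)
        os.fchown(fd, target_uid, -1)  # -1 leaves the group unchanged
    finally:
        os.close(fd)
    return target_uid


def main(argv):
    if len(argv) != 3:  # exactly FILE and USER; nothing is parsed as an option
        print("usage: givefile FILE USER", file=sys.stderr)
        return 2
    path, user = argv[1], argv[2]
    try:
        if user not in ALLOWED_TARGETS:
            raise PermissionError("target user is not on the allowlist")
        # SUDO_UID is set by sudo to the uid of the invoking user.
        give_file(path, pwd.getpwnam(user).pw_uid, int(os.environ["SUDO_UID"]))
    except (KeyError, ValueError, OSError) as exc:
        print(f"givefile: refused: {exc}", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the caller can only name a file they already own and a target from a fixed list, the wrapper cannot be used to take over someone else's file or to produce a root-owned setuid binary.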