
allow cp -p to keep owner

 
Frequent Advisor

Hello,
I'm looking for a way to allow a standard user who copies a file with cp -p to keep the original file owner. It's OK on HP-UX 11i machines, where this command works as I wrote; on a RHEL box it doesn't. Even with local or NFS file systems.

Thank you.
Best,
Romano
Honored Contributor

Re: allow cp -p to keep owner

It should work at least for local, for example:

# ls -la /home/ferreiri/.bashrc
-rw-r--r-- 1 ferreiri ferreiri 124 jun 18 2007 /home/ferreiri/.bashrc

# cp /home/ferreiri/.bashrc /tmp/prueba


# ls -la /tmp/prueba
-rw-r--r-- 1 root root 124 jun 2 18:29 /tmp/prueba

# cp -p /home/ferreiri/.bashrc /tmp/prueba


# ls -la /tmp/prueba
-rw-r--r-- 1 ferreiri ferreiri 124 jun 18 2007 /tmp/prueba

Can you post the same test done at your system?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Honored Contributor

Re: allow cp -p to keep owner

> [...] a standard user [...]

> # cp -p [...]

As I understand it, a _standard_ user is not
normally allowed to create files owned by
some other user. Allowing this would tend to
make a joke out of disk quotas.

> Can you post the same test done at your
> system?

Or the actual commands you used and their
results. Actual evidence (of the impossible)
is more convincing than vague descriptions.
Frequent Advisor

Re: allow cp -p to keep owner

Hello!
Here are the results:
user: pino
-rw-rw-r-- 1 romano users 69 2008-06-02 23:10 rocco

> cp -p rocco ../pino/
> ll ../pino/
-rw-rw-r-- 1 pino users 69 2008-06-02 23:10 rocco

Thank you
Frequent Advisor

Re: allow cp -p to keep owner

disk quota not enabled
Honored Contributor

Re: allow cp -p to keep owner

> disk quota not enabled

That does not make it a good idea to let "a
standard user" create files which some other
user owns. It's only one of the reasons, not
the only reason. For another example,
consider a file with rw-r--r-- permissions.
After you create it, if someone else owns it,
how do you delete it? You don't have
permission to delete it, and you don't have
permission to change its permissions.
Allowing this would not be wise.

> here the results:

I want to see where this works "ok" on an
"HP-UX 11i" system. (And what, exactly, is
"HP-UX 11i"? Show "uname -a" output.)
Honored Contributor

Re: allow cp -p to keep owner

This feature is sometimes called "allow file giveaway". It was an old Unix feature which has been found to be a security risk.

In Linux, it's generally disabled by design. If you use an XFS filesystem, you can enable it by setting /proc/sys/fs/xfs/restrict_chown to 0. The default value is 1. Other filesystem types don't seem to allow this feature at all.

In HP-UX, it's a system-wide feature controlled by setprivgrp() or the /etc/privgrp file.

If the /etc/privgrp file contains the string "-g CHOWN" when the system boots, anyone is allowed to change the ownerships of files. I think this used to be the default on some *old* HP-UX default installations.

If an HP-UX security auditor is worth his salt, he/she will certainly check this setting and ask for justification if it's enabled.

MK
MK
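
An audit check for the two settings named in the reply above, added here as an example and not posted by anyone in the thread. The function names are hypothetical, the file paths are the ones the reply gives, and the sample files at the end are constructed.

```shell
#!/bin/sh
# Added audit example (not from the thread). Paths are parameters so the
# checks can also be run against files collected from other hosts.

# Report the XFS chown restriction. Per the reply: 1 (the default) keeps
# chown restricted, 0 lets a non-root owner give files away.
xfs_giveaway_state() {
    f="${1:-/proc/sys/fs/xfs/restrict_chown}"
    if [ ! -r "$f" ]; then
        echo "not-present"          # XFS not loaded, or not a Linux host
        return 0
    fi
    case "$(tr -d '[:space:]' < "$f")" in
        0) echo "giveaway-allowed" ;;
        1) echo "restricted" ;;
        *) echo "unknown" ;;
    esac
}

# Return 0 if a privgrp file grants CHOWN to everyone via a "-g" line.
# Assumption: a "-g" line may list several privileges, so each field is checked.
privgrp_global_chown() {
    f="${1:-/etc/privgrp}"
    [ -r "$f" ] || return 1
    awk '$1 == "-g" { for (i = 2; i <= NF; i++) if ($i == "CHOWN") found = 1 }
         END { exit(found ? 0 : 1) }' "$f"
}

audit_giveaway() {
    echo "xfs restrict_chown: $(xfs_giveaway_state "$1")"
    if privgrp_global_chown "$2"; then
        echo "privgrp: global CHOWN granted (ask for justification)"
    else
        echo "privgrp: no global CHOWN"
    fi
}

# Constructed sample files, so the checks can be tried on any host.
d=$(mktemp -d)
echo 0 > "$d/restrict_chown"
printf '%s\n' 'dba MLOCK' '-g RTPRIO CHOWN' > "$d/privgrp"
audit_giveaway "$d/restrict_chown" "$d/privgrp"
rm -rf "$d"
```

Calling `audit_giveaway` with no arguments checks the live paths on the host it runs on.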
Frequent Advisor

Re: allow cp -p to keep owner

on hp-ux>
uname -a
HP-UX lochp10 B.11.11 U 9000/800 1560605287 unlimited-user license
Honored Contributor

Re: allow cp -p to keep owner

"man chown" suggests "man 1m setprivgrp", too.