Re: [newbie] Ownership thing
On Sat, 7 Jun 2003 20:12:42 +0300 Kristjan [EMAIL PROTECTED] wrote:

> Hi
>
> It must be a simple thing, but still: how can I make it so that users can change the ownership of files that reside in their own home directory and that are not owned by them?
>
> Currently a user who issues the 'chown' command on a file that is not owned by him only gets that the operation is not permitted.
>
> Kristjan

You cannot. If someone does not have write permission to a file, then regardless of where that file is they cannot change it. The question is really: how come your users have files in their 'home' they do not own? Normally the user will have write access to anything in their home.

derek

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Ownership thing
On Saturday 07 June 2003 01:12 pm, Kristjan wrote:

> Hi
>
> It must be a simple thing, but still: how can I make it so that users can change the ownership of files that reside in their own home directory and that are not owned by them?
>
> Currently a user who issues the 'chown' command on a file that is not owned by him only gets that the operation is not permitted.

You're right, interesting. I know that a user cannot create a file in a user directory other than their own unless you have some group thing set up.

[EMAIL PROTECTED] /home/greg] $ touch testfile
touch: cannot touch `testfile': Permission denied

I also know that a user can manipulate a file in their own home directory even without ownership. In other words, if a file owned by root exists in my home, I can delete it.

[EMAIL PROTECTED] ~] $ ls -l testfile
-rw-r--r-- 1 root root 0 Jun 7 13:42 testfile
[EMAIL PROTECTED] ~] $ rm testfile
rm: remove write-protected regular empty file `testfile'? y
[EMAIL PROTECTED] ~] $ ls testfile
ls: testfile: No such file or directory

Anybody know the answer to this?

--
Greg
Re: [newbie] Ownership thing
> I also know that a user can manipulate a file in their own home directory even without ownership. In other words, if a file owned by root exists in my home, I can delete it.
>
> [EMAIL PROTECTED] ~] $ ls -l testfile
> -rw-r--r-- 1 root root 0 Jun 7 13:42 testfile
> [EMAIL PROTECTED] ~] $ rm testfile
> rm: remove write-protected regular empty file `testfile'? y
> [EMAIL PROTECTED] ~] $ ls testfile
> ls: testfile: No such file or directory
>
> Anybody know the answer to this?

I believe that is because the dir is writable and executable. A workaround to chowning a file might be to copy it and delete the original...
Re: [newbie] Ownership thing
On Saturday 07 Jun 2003 6:45 pm, Greg Meyer wrote:

> On Saturday 07 June 2003 01:12 pm, Kristjan wrote:
>
> > Hi
> >
> > It must be a simple thing, but still: how can I make it so that users can change the ownership of files that reside in their own home directory and that are not owned by them?
> >
> > Currently a user who issues the 'chown' command on a file that is not owned by him only gets that the operation is not permitted.
>
> You're right, interesting. I know that a user cannot create a file in a user directory other than their own unless you have some group thing set up.
>
> [EMAIL PROTECTED] /home/greg] $ touch testfile
> touch: cannot touch `testfile': Permission denied
>
> I also know that a user can manipulate a file in their own home directory even without ownership. In other words, if a file owned by root exists in my home, I can delete it.
>
> [EMAIL PROTECTED] ~] $ ls -l testfile
> -rw-r--r-- 1 root root 0 Jun 7 13:42 testfile
> [EMAIL PROTECTED] ~] $ rm testfile
> rm: remove write-protected regular empty file `testfile'? y
> [EMAIL PROTECTED] ~] $ ls testfile
> ls: testfile: No such file or directory
>
> Anybody know the answer to this?

Generally, you only need write access to the directory for any changes that are stored in the directory tables. So you can rename and delete files that you cannot write to. There was a workaround that you could do in 1980s Unices in that /etc was owned by Engineer, so if you lost the root password you could just mv the entire passwd file and create a new one. (Oops!)

Since the owner and group are stored in the same tables I would expect that changing them would be possible. From playing around here it would seem that you cannot chgrp to or from a group that you are not in. By extension it would seem that chown works the same way. Strangely enough the documentation for chown makes no mention of this behavior.

--
Richard Urwin
Re: [newbie] Ownership thing
* Kristjan [EMAIL PROTECTED] [030607 12:29]:

> How can I make it so that users can change the ownership of files that reside in their own home directory and that are not owned by them?
>
> Currently a user who issues the 'chown' command on a file that is not owned by him only gets that the operation is not permitted.

Several others have responded already, but I'll give a try here ... hopefully it will become clearer.

Ownership and permissions on a directory determine what can be done in that directory. If you have read permission, you can see the names of files. If you have write permission, you can create files or subdirectories in that directory, move files in or out, and delete files or subdirectories. If you have execute permission, you can traverse or descend down through the directory to see directories below it; if not you are blocked from subdirectories.

Ownership and permissions on a file relate to the file itself, with no consideration for the directory. If you have read permission, you can read the file. If you have write permission, you can change it. If you have execute permission, you can execute it as a script or program.

Only root can change the ownership of a file or directory. The owner of a file or directory can change its group ONLY if the owner is a member of the group being changed to.

Applying these principles, as others have suggested, the non-root owner cannot change who owns the file. But if the file is not read-only, she can make a copy of it. The copy will then be owned by her. If she has write privileges in the directory, she can then delete the old file.

When you start thinking the Unix way is actually fairly consistent (which it is) then you're One Of Us ;-)

--
Jan Wilson, SysAdmin     _/*];   [EMAIL PROTECTED]
Corozal Junior College   |  |:'  corozal.com corozal.bz
Corozal Town, Belize     |  /'   chetumal.com linux.bz
Reg. Linux user #151611  |_/     Network, PHP, Perl, HTML
Re: [newbie] Ownership thing
You can use the Sticky Bit. Read this article:
http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/admin-primer/ch-acctsgrps.html

Steven

--Extract--

setuid: used only for applications, this permission indicates that the application runs as the owner of the file and not as the user executing the application. It is indicated by the character s in place of the x in the owner category. If the owner of the file does not have execution permissions, the S is capitalized.
--set it with: chmod 4xxx dir/file--

setgid: used primarily for applications, this permission indicates that the application runs as the group owning the file and not as the group executing the application. If applied to a directory, all files a user creates within the directory are owned by the group who owns the directory, rather than by the user's private group (see the chapter titled Users and Groups in Official Red Hat Linux Reference Guide for more about user private groups). It is indicated by the character s in place of the x in the group category. If the group owner of the file or directory does not have execution permissions, the S is capitalized.
--set it with: chmod 2xxx dir/file--

sticky bit: used primarily on directories, this bit dictates that a file created in the directory can be removed only by the user who created the file. It is indicated by the character t in place of the x in the everyone category. In Red Hat Linux the sticky bit is set by default on the /tmp/ directory for exactly this reason.
--set it with: chmod 1xxx dir/file--

On Sat, 2003-06-07 at 19:12, Kristjan wrote:

> Hi
>
> It must be a simple thing, but still: how can I make it so that users can change the ownership of files that reside in their own home directory and that are not owned by them?
>
> Currently a user who issues the 'chown' command on a file that is not owned by him only gets that the operation is not permitted.
>
> Kristjan
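
An added example, not part of the thread: a shell audit for the situation the sticky bit addresses, namely directories where someone other than the owner has write permission and can therefore unlink or rename files they do not own. The function names and the sandbox layout are hypothetical, and all paths are constructed under a mktemp directory.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sandbox layout
# are hypothetical; every path is constructed under a mktemp directory.

# Print "world <dir>" or "group <dir>" for each directory under $1 that is
# writable by other or by group and has no sticky bit. In such a directory
# anyone with write access can unlink or rename entries they do not own.
audit_open_dirs() {
    root=$1
    {
        find "$root" -type d -perm -0002 ! -perm -1000 2>/dev/null |
            sed 's/^/world /'
        find "$root" -type d -perm -0020 ! -perm -0002 ! -perm -1000 2>/dev/null |
            sed 's/^/group /'
    } | sort
}

# Build a constructed tree with one directory of each kind.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/private" "$sb/shared_open" "$sb/shared_sticky" "$sb/team"
    chmod 0755 "$sb/private"        # owner-only write: not reported
    chmod 0777 "$sb/shared_open"    # world-writable, no sticky: reported
    chmod 1777 "$sb/shared_sticky"  # /tmp-style: not reported
    chmod 0775 "$sb/team"           # group-writable, no sticky: reported
    echo "$sb"
}

demo=$(make_sandbox) && audit_open_dirs "$demo"
rm -rf "$demo"
```

Pointing audit_open_dirs at a real tree such as /home or /srv lists the directories where file ownership alone does not prevent deletion.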
Re: [newbie] Ownership thing
This is a desirable security feature. But as mentioned, if you

$ cp source foo
$ rm source
$ mv foo source

user now owns source.

On Sun, 08 Jun 2003 06:12, Richard Urwin wrote:

> On Saturday 07 Jun 2003 6:45 pm, Greg Meyer wrote:
>
> > On Saturday 07 June 2003 01:12 pm, Kristjan wrote:
> >
> > > Hi
> > >
> > > It must be a simple thing, but still: how can I make it so that users can change the ownership of files that reside in their own home directory and that are not owned by them?
> > >
> > > Currently a user who issues the 'chown' command on a file that is not owned by him only gets that the operation is not permitted.
> >
> > You're right, interesting. I know that a user cannot create a file in a user directory other than their own unless you have some group thing set up.
> >
> > [EMAIL PROTECTED] /home/greg] $ touch testfile
> > touch: cannot touch `testfile': Permission denied
> >
> > I also know that a user can manipulate a file in their own home directory even without ownership. In other words, if a file owned by root exists in my home, I can delete it.
> >
> > [EMAIL PROTECTED] ~] $ ls -l testfile
> > -rw-r--r-- 1 root root 0 Jun 7 13:42 testfile
> > [EMAIL PROTECTED] ~] $ rm testfile
> > rm: remove write-protected regular empty file `testfile'? y
> > [EMAIL PROTECTED] ~] $ ls testfile
> > ls: testfile: No such file or directory
> >
> > Anybody know the answer to this?
>
> Generally, you only need write access to the directory for any changes that are stored in the directory tables. So you can rename and delete files that you cannot write to. There was a workaround that you could do in 1980s Unices in that /etc was owned by Engineer, so if you lost the root password you could just mv the entire passwd file and create a new one. (Oops!)
>
> Since the owner and group are stored in the same tables I would expect that changing them would be possible. From playing around here it would seem that you cannot chgrp to or from a group that you are not in. By extension it would seem that chown works the same way. Strangely enough the documentation for chown makes no mention of this behavior.

--
Michael
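
An added example, not part of the thread: the cp / rm / mv sequence run in a constructed sandbox, showing that the name ends up on a new inode owned by the copying user while the original inode, still reachable through a second hard link, is left as it was. The helper names are hypothetical and all files are created under a mktemp directory.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical and the
# files are constructed in a mktemp directory.

inode_of()     { ls -di  "$1" | awk '{print $1}'; }
owner_uid_of() { ls -lnd "$1" | awk '{print $3}'; }

# Run the cp / rm / mv sequence on $1.
# Prints: <old inode> <new inode> <owner uid of the new file>
replace_by_copy() {
    f=$1
    tmp="$f.copy.$$"
    old=$(inode_of "$f")
    cp "$f" "$tmp" || return 1     # needs read permission on the file
    rm -f "$f"     || return 1     # needs write+search on the directory
    mv "$tmp" "$f" || return 1     # rename inside the same directory
    echo "$old $(inode_of "$f") $(owner_uid_of "$f")"
}

# Constructed scenario: a read-only file with a second hard link.
make_case() {
    d=$(mktemp -d) || return 1
    echo "original" > "$d/source"
    chmod 0444 "$d/source"
    ln "$d/source" "$d/other_link"
    echo "$d"
}

dir=$(make_case) && replace_by_copy "$dir/source" && ls -li "$dir"
rm -rf "$dir"
```

The listing shows other_link keeping the old inode number, so the sequence replaces a directory entry rather than changing the ownership of the existing file.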