SELinux - a call for end-of-life.
Bryn M. Reeves
bmr at redhat.com
Thu Sep 2 13:42:14 UTC 2010
On 09/02/2010 01:46 PM, Tim wrote:
> Again, it's more or less what I said, earlier. To *give* someone a
> file, your only options are to let them read the file, and then they
> copy it. If you want them to *own* the file, instead of you.
>
And that's how it's supposed to work. Only root (or rather processes
with CAP_CHOWN) can change the uid of an existing object in the file
system like this. Disabling this would break _POSIX_CHOWN_RESTRICTED
behaviour (which you can do if you like but don't expect other users of
a general-purpose distro to want it!).
In the dim and distant past you could use chown to give your files away;
it allowed users to subvert the quota system (and today would likely
create fun for xattrs too).
The current Linux behaviour for chown is a standards requirement:
http://www.opengroup.org/onlinepubs/7990989775/xsh/chown.html
If you don't like the behaviour you need to come up with a way to allow
what you want without affecting standards compliance or existing users
who are happy with that behaviour.
Solaris seems to have a knob to disable this compliance but I'm not
aware of such a thing on Linux. You should be able to get a similar
effect via capabilities on Linux (giving all processes CAP_CHOWN) but
it's not something I've ever tried and I don't recommend it.
Regards,
Bryn.