Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!goanna.cs.rmit.edu.au!not-for-mail
From: maurice@goanna.cs.rmit.EDU.AU (Maurice Castro)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Why chown(2) is privileged?
Date: 25 Oct 1996 09:46:58 +1000
Organization: Comp Sci, RMIT, Melbourne, Australia
Lines: 27
Message-ID: <54ov5i$k8f$1@goanna.cs.rmit.EDU.AU>
References: <CANDY.96Oct24222129@xxx.fct.kgc.co.jp>
NNTP-Posting-Host: localhost.cs.rmit.edu.au
NNTP-Posting-User: maurice
X-Newsreader: TIN [UNIX 1.3 950824BETA PL0]

Toshihiro Kanda (candy@fct.kgc.co.jp) wrote:
: Hello. Chown(2) fails if non super-user try to change the owner
: uid of his/her files. Why does BSD disallow non super-user to
: transfer ownership of files to the others?
:
: Thank you.
:
: candy@fct.kgc.co.jp (Toshihiro Kanda)

There are 2 reasons why you cannot freely change the ownership of files:

1. quotas - if you can transfer the ownership of a file to someone
   then they have it in their quota not yours.

2. security - with setuid files if you can change the ownership of a
   file then you can execute a program inside someone else's
   protection domain.

The latter problem can be fixed by clearing the setuid bit on ownership
transfer, unfortunately the former problem cannot be fixed.

From a system design point of view it is simpler to make chown
privileged and use the setuid facility to allow individual systems to
create their own policies which are enforced by code outside of the
kernel and hence easily customisable.

Maurice Castro