From: j@uriah.heep.sax.de (J Wunsch)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Why chown(2) is privileged?
Date: 25 Oct 1996 08:54:23 GMT
Organization: Private BSD site, Dresden
Message-ID: <54pv7v$897@uriah.heep.sax.de>
References: <CANDY.96Oct24222129@xxx.fct.kgc.co.jp> <54ov5i$k8f$1@goanna.cs.rmit.edu.au>
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)

maurice@goanna.cs.rmit.EDU.AU (Maurice Castro) wrote:

> : Hello. Chown(2) fails if a non-super-user tries to change the owner
> : uid of his/her files. Why does BSD disallow non-super-users to
> : transfer ownership of files to others?

> There are 2 reasons why you cannot freely change the ownership of files:
>
> 1. quotas - if you can transfer the ownership of a file to someone
> then they have it in their quota, not yours.
>
> 2. security - with setuid files, if you can change the ownership of a
> file then you can execute a program inside someone else's protection
> domain.

(As you noticed, the second one is easy to fix in the kernel. All SysV's I've seen handle it this way.)

When I first came to BSD from SysV's, I also wondered about all this. However, I must say I haven't missed it... There's simply no reason why a normal user should be able to give away his files to somebody else.

The SysV behaviour causes another funny (and sometimes seriously annoying) artifact: by default, their tar(1) tries to extract ownership and permission, even for non-root users. The underlying syscall doesn't prevent the user from doing so, and voilà!, you have just created a subtree in your directory that you are no longer allowed to remove! The subdir itself is now owned by root and unwritable for you, but you need write permission in order to remove all the files from it, and you need to remove all the files from it in order to remove the directory...

Even if tar didn't default to this behaviour, the fact remains that it's even _possible_ to shoot yourself in the foot. Not allowing chown() for ordinary users is the cleanest solution, even though this is a little unobvious for a SysV user.

(The 4.4BSD symlinks suffer from a similar idiosyncrasy when it comes to a 01777 mode directory.)

-- 
cheers, Jörg

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
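The two policies the thread compares, as an added illustration that is not part of the original post or of any BSD or SysV kernel: a plain-Python model of the chown(2) rules, with the restricted (4.4BSD, `_POSIX_CHOWN_RESTRICTED`) variant beside the SysV "owner may give the file away" variant, the setuid/setgid stripping that makes the second variant survivable, and the quota charge Maurice mentions moving with the ownership. The `Inode` class, `chown_policy`, `apply_chown` and `giveaway_outcomes` are names chosen here; the uid 1001 and the 4 MB setuid file are constructed sample values. The probe at the end calls the real `os.chown()` on a scratch file so the live system's answer can be compared with the model.

```python
"""Model of the chown(2) ownership rules discussed in the thread (added example)."""
import errno
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass
class Inode:
    uid: int
    gid: int
    mode: int    # permission bits incl. S_ISUID/S_ISGID, as in st_mode
    size: int    # bytes charged to the owner's quota


class ChownDenied(Exception):
    def __init__(self, code):
        super().__init__(os.strerror(code))
        self.code = code


def chown_policy(inode, caller_uid, caller_groups, new_uid, new_gid,
                 restricted=True):
    """Return the inode as it would look after chown(2), or raise ChownDenied.

    restricted=True models 4.4BSD: giving a file away is privileged.
    restricted=False models the old SysV behaviour where the owner may hand
    the file to anyone (hypothetical simplification of that policy).
    """
    if caller_uid != 0 and caller_uid != inode.uid:
        raise ChownDenied(errno.EPERM)          # neither owner nor root
    if new_uid != inode.uid and caller_uid != 0 and restricted:
        raise ChownDenied(errno.EPERM)          # BSD: only root changes uid
    if new_gid != inode.gid and caller_uid != 0 and new_gid not in caller_groups:
        raise ChownDenied(errno.EPERM)          # may only move into own groups
    new_mode = inode.mode
    if caller_uid != 0:
        # Both families strip setuid/setgid on a non-root chown; this is the
        # "easy to fix in the kernel" part of the setuid argument.
        new_mode &= ~(stat.S_ISUID | stat.S_ISGID)
    return Inode(new_uid, new_gid, new_mode, inode.size)


def apply_chown(quota, inode, *args, **kwargs):
    """Run the policy and move the quota charge along with the ownership."""
    result = chown_policy(inode, *args, **kwargs)
    if result.uid != inode.uid:
        quota[inode.uid] = quota.get(inode.uid, 0) - inode.size
        quota[result.uid] = quota.get(result.uid, 0) + inode.size
    return result


def giveaway_outcomes():
    """Walk the setuid give-away scenario under both policies.

    Returns a dict keyed by policy name; each value is either the errno the
    call failed with, or the resulting uid and setuid state, plus the quota
    table afterwards.
    """
    out = {}
    # Constructed sample: uid 1001 owns a 4 MB setuid program and tries to
    # hand it to root (uid 0), hoping to run it in root's protection domain.
    for name, restricted in (("bsd", True), ("sysv", False)):
        quota = {1001: 4_000_000}
        f = Inode(uid=1001, gid=1001, mode=stat.S_ISUID | 0o755, size=4_000_000)
        try:
            r = apply_chown(quota, f, 1001, {1001}, 0, 1001, restricted=restricted)
            out[name] = {"uid": r.uid, "setuid": bool(r.mode & stat.S_ISUID),
                         "quota": dict(quota)}
        except ChownDenied as e:
            out[name] = {"errno": e.code, "quota": dict(quota)}
    return out


def probe_real_chown(target_uid=0):
    """Try the real syscall on a scratch file; return 0 on success or the errno."""
    with tempfile.NamedTemporaryFile() as tmp:
        try:
            os.chown(tmp.name, target_uid, -1)
            return 0
        except OSError as e:
            return e.errno


if __name__ == "__main__":
    for policy, outcome in giveaway_outcomes().items():
        print(policy, outcome)
    print("real chown(2) to uid 0 on this system ->", probe_real_chown())
```

Under the BSD rule the give-away fails with EPERM and the quota table is untouched; under the SysV rule it succeeds, but the file arrives at uid 0 with its setuid bit stripped and 4 MB moved onto root's quota, which is exactly the pair of effects the two replies describe. The model follows the FreeBSD manual page in leaving the bits alone when root itself does the chown; Linux (since 2.2.13) strips them for root as well, so the probe's result on a Linux box with root privileges will differ from the model in that one respect.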