permissions issue on print to a file

Fairlight fairlite at fairlite.com
Mon Dec 4 09:17:57 PST 2006


On Mon, Dec 04, 2006 at 11:52:38AM -0500, Nancy Palmquist may or may not have
proven themselves an utter git by pronouncing:
> 
> After you complete the export, write and close the file, then you will 
> have permission to do a system command that will change the owner or 
> mode without issue.

Caveat:  While chmod will always work fine, chown will not let you shift
ownership away from yourself on most modern vintages of *nix.  This is a
security measure that protects filesystem quota bypassing and a few other
nasty things for which people could (and used to) abuse such functionality.

The chmod will definitely be fine as long as you have ownership or are
root.  You have a very small likelihood of being able to chown away
from yourself, depending how old or loose your OS is.

Linux:

[XXXXXX] [~] [12:02pm]: chown kelly tsitest
chown: changing ownership of `test': Operation not permitted


SCO OSR 5.6 with quotas disabled:

[YYYYYY] [~] [12:03pm]: touch testfile
[YYYYYY] [~] [12:03pm]: ls -l testfile
-rw-r--r--    1 fairlite group        0 Dec  4 12:03 testfile
[YYYYYY] [~] [12:03pm]: chown filepro testfile
[YYYYYY] [~] [12:03pm]: ls -l testfile
-rw-r--r--    1 filepro  group        0 Dec  4 12:03 testfile


SCO OSR 5.0.6 with quotas enabled:

ZZZZZZZZZZZ: chown doomer testfile
chown: cannot change owner ID of testfile: Operation not permitted (error 1)


A Linux system will not let you chown away from yourself no matter what; I
tried systems with and without quotas enabled.  I believe the same holds in
FBSD, although I don't have an FBSD system available for testing that does
not have quotas enabled.  SCO depends on whether or not quotas are enabled,
apparently, or it might actually be tunable in the kernel environment
(I seem to remember JPR saying something about the subject once upon a
time, but I don't care enough about SCO to look up the exact deciding
factor.).  Solaris won't let you do it if quotas are on, and I don't have
one available without quotas on which I could test.

Just be aware that reliance on pushing files away from yourself to someone
else will break on most systems nowadays.  Modes can always be changed if
you're the owner or root.  I suppose it's also worth mentioning that chown
(by anyone) will (and should) clear the SUID bit on most systems worth a
damn.  I think we've been over that on the list before, but it bears
repeating.  This was a bigger deal when you could chown away from yourself.
It's a safety net for someone doing it from root.

mark->
-- 
Try our new SPF-0 lotion, SunScream[tm].  Get it while it's hot!
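
The behaviour described in the message above, as an added example that is not part of the original post: a Python probe that writes and closes a file, confirms the owner can chmod it, asks the OS whether chown is restricted, then attempts the giveaway and records the errno and whether the SUID bit survived. The function name, the report keys and the use of uid + 1 as "some other user" are assumptions made for illustration.

```python
import errno
import os
import stat
import tempfile


def probe_ownership_handoff(directory, target_uid):
    """Write and close a file, then try chmod and a chown giveaway on it.

    target_uid is a hypothetical recipient uid chosen by the caller.
    """
    fd, path = tempfile.mkstemp(dir=directory)
    os.write(fd, b"constructed export data\n")
    os.close(fd)  # finish the export before touching mode or owner
    report = {}
    try:
        # chmod by the owner works; SUID is set here only so we can watch it.
        os.chmod(path, 0o4755)
        report["mode_before"] = stat.S_IMODE(os.stat(path).st_mode)

        # POSIX: any value other than -1 means chown needs privilege.
        try:
            value = os.pathconf(path, "PC_CHOWN_RESTRICTED")
            report["chown_restricted"] = value != -1
        except (OSError, ValueError):
            report["chown_restricted"] = None  # not reported on this platform

        try:
            os.chown(path, target_uid, -1)  # attempt to give the file away
            report["giveaway"] = "allowed"
        except OSError as exc:
            # EPERM is the "Operation not permitted" shown in the sessions.
            report["giveaway"] = errno.errorcode.get(exc.errno, str(exc.errno))

        st = os.stat(path)
        report["owner_uid"] = st.st_uid
        report["suid_after"] = bool(st.st_mode & stat.S_ISUID)
    finally:
        os.unlink(path)
    return report


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        # Assumption: uid + 1 stands in for "some other user".
        print(probe_ownership_handoff(workdir, os.geteuid() + 1))
```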

