SemiOT: filePro on FreeBSD chown gotcha
Jay R. Ashworth
jra at baylink.com
Tue Jun 22 10:11:49 PDT 2004
On Tue, Jun 22, 2004 at 12:57:02PM -0400, Fairlight wrote:
> Is it just me, or did Jay Ashworth say:
> > On Tue, Jun 22, 2004 at 12:04:13PM -0400, Walter Vaughan wrote:
> > > <quote>
> > > The ownership of a file may only be altered by a super-user for obvious
> > > security reasons.
> > > </quote>
> >
> > Yeah, right.
> >
> > It's for "university students can't avoid file quotas" reasons.
>
> Agreed. Whether someone considers quotas part of the security subsystem is
> a questionable point. Some might consider workarounds to exceed quotas
> "unauthorised use".
>
> > Nope; you're screwed. BSD-ish systems, which include Linux, but not
> > SCO, constrain chown(2) in that fashion; Linux-ABI commonly correctly
> > emulates the SCO behaviour, although I'm having a showstopper problem
> > with that on SUSE 9 right now: a kernel upgrade apparently broke *that
> > part* of the ABI; older 9.0 installs work ok.
>
> Hate to tell you, but Solaris 7 and 8 both constrain chown() as well.
Did you have the impression I'd be surprised? Polaris is BSD-based.
> By
> default anyway. But the following may help anyone on Solaris, and may also
> give everyone else a basis to scour their own platforms for an equivalent:
>
> The operating system provides a configuration option,
> {_POSIX_CHOWN_RESTRICTED}, to restrict ownership changes for
> the chown(), lchown(), and fchown() functions. When
> {_POSIX_CHOWN_RESTRICTED} is not in effect, either the
> effective user ID of the process must match the owner of the
> file or the process must be the super-user to change the
> ownership of a file. When {_POSIX_CHOWN_RESTRICTED} is in
> effect (the default behavior), the chown(), lchown(), and
> fchown() functions, for users other than super-user, prevent
> the owner of the file from changing the owner ID of the
> file and restrict the change of the group of the file to the
> list of supplementary group IDs. To set this configuration
> option, include the following line in /etc/system:
>
> set rstchown = 1
>
> Looks like the behaviour is part of one of the POSIX standards.
They stole it from BSD. Nice to know Polaris has a knob, at least.
> It doesn't
> surprise me that linux would honour it, in this event. But it -may- be
> configurable, as well. I highly doubt it would be configurable in the same
> way. It might need a recompile of libc itself. The reason I say this is a
> cursory glance at the RH 7.3 chown(2) man page:
>
> The chown call conforms to SVr4, SVID, POSIX, X/OPEN. The
> 4.4BSD version can only be used by the superuser (that is,
> ordinary users cannot give away files). SVr4 documents
> EINVAL, EINTR, ENOLINK and EMULTIHOP returns, but no
> ENOMEM. POSIX.1 does not document ENOMEM or ELOOP error
> conditions.
That's the ugliest, least useful manpage I've *ever* seen.
> This implies to me that it's configurable if you compile it non-BSD-style.
Compile *what*? libc6?
Ick.
If it ain't a runtime knob, it doesn't help me much...
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
2004 Stanley Cup Champion Tampa Bay Lightning
More information about the Filepro-list
mailing list