setperms on linux

Jean-Pierre A. Radley appl at jpr.com
Thu Apr 13 12:47:21 PDT 2006


Mark Luljak propounded (on Thu, Apr 13, 2006 at 02:12:24AM -0400):
| On Wed, Apr 12, 2006 at 11:11:03PM -0400, J. P. Radley may or may not have
| proven themselves an utter git by pronouncing:
| > From the 'man chown' page on SCO OSR 6.0.0:
| > 
| >    Use of this utility is governed by the chown kernel privilege.
| >    Restricted chown is required for NIST FIPS 151-1 conformance.
| > 
| >    If you have chown kernel privilege, you can change the owner and group
| >    of files that you initially own. If you do not have chown privilege,
| >    you cannot change the ownership of files; you can change their group,
| >    but only if the files are initially owned by you, and the new group is
| >    your effective group ID or is listed in your supplemental group list.
| 
| Then I suggest you try it on Bob's machine, JP.  That's where I was allowed
| to do it.  Same when it was 5.0.6 before the 5.6 upgrade.  If the kernel
| environment has to be relinked to disallow it, well then it's not secure by
| default, obviously.  My comments would then stand.

No relinking involved; but the default set of privileges does include chown.

-- 
JP
	==> http://www.frappr.com/cusm <==
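
The rule in the quoted man page, together with a runtime check for it, as an added example that is not part of the original thread or of any SCO code. The function names are hypothetical, the POSIX `_PC_CHOWN_RESTRICTED` query stands in for the OSR "chown kernel privilege", "not restricted" is assumed to mean the privilege is held, and the superuser is not modelled.

```c
/* Added example: models the rule from the quoted chown man page and queries
 * the POSIX equivalent, _PC_CHOWN_RESTRICTED. Superuser is not modelled. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 = chown restricted on this path, 0 = not restricted, -1 = could not tell */
int chown_restricted(const char *path) {
    long r = pathconf(path, _PC_CHOWN_RESTRICTED);
    return r < 0 ? -1 : (r != 0);
}

/* Owner change: needs the chown privilege and the caller must own the file. */
int may_change_owner(int has_priv, uid_t file_uid, uid_t euid) {
    return has_priv && file_uid == euid;
}

/* Group change: the caller must own the file; without the privilege the new
 * group must also be the effective GID or in the supplemental group list. */
int may_change_group(int has_priv, uid_t file_uid, uid_t euid, gid_t new_gid,
                     gid_t egid, const gid_t *groups, int ngroups) {
    if (file_uid != euid) return 0;
    if (has_priv || new_gid == egid) return 1;
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == new_gid) return 1;
    return 0;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : ".";
    struct stat st;
    gid_t groups[256];
    int n = getgroups(256, groups);
    if (stat(path, &st) != 0 || n < 0) { perror(path); return 1; }
    int restricted = chown_restricted(path);
    int priv = (restricted == 0);   /* assumption: unrestricted == privilege held */
    printf("%s: chown restricted = %d\n", path, restricted);
    printf("give file away (change owner): %s\n",
           may_change_owner(priv, st.st_uid, geteuid()) ? "allowed" : "denied");
    printf("change group to own egid:      %s\n",
           may_change_group(priv, st.st_uid, geteuid(), getegid(),
                            getegid(), groups, n) ? "allowed" : "denied");
    return 0;
}
```

Run against a path on each filesystem of interest; a result of 0 from `chown_restricted` means unprivileged users can give files away there, which matters for quota and setuid-file handling.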

