From owner-freebsd-questions@FreeBSD.ORG Tue Mar 23 03:59:12 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 54A4416A4CE for ; Tue, 23 Mar 2004 03:59:12 -0800 (PST) Received: from dire.bris.ac.uk (dire.bris.ac.uk [137.222.10.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id A4B7843D31 for ; Tue, 23 Mar 2004 03:59:11 -0800 (PST) (envelope-from Jan.Grant@bristol.ac.uk) Received: from mail.ilrt.bris.ac.uk by dire.bris.ac.uk with SMTP-PRIV with ESMTP; Tue, 23 Mar 2004 11:57:18 +0000 Received: from cmjg (helo=localhost) by mail.ilrt.bris.ac.uk with local-esmtp (Exim 3.16 #1) id 1B5kWt-0002Jh-00; Tue, 23 Mar 2004 11:57:11 +0000 Date: Tue, 23 Mar 2004 11:57:11 +0000 (GMT) From: Jan Grant X-X-Sender: cmjg@mail.ilrt.bris.ac.uk To: "Gerald S. Stoller" In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: Jan Grant cc: freebsd-questions@FreeBSD.ORG Subject: Re: The chown command X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Mar 2004 11:59:12 -0000 On Mon, 22 Mar 2004, Gerald S. Stoller wrote: > This gives the system owner the flexibility to leave > it this way, or to restrict this ability to root as it is now by > seting chown's permissions to 500 , it is already owned by root. The "chown" command merely uses the "chown" system call. It is perfectly possible for a user to write and compile their own version of the chown command; so setting permissions on a particular executable do not, in and of themselves, prevent users from effectively duplicating the effect of the command. This is broadly true across all unixalikes. > This is all that a single actual user (as most home systems are) > system needs, but for a true multi-user system one may want to restrict > the change to cases where the new owner and the current owner are members > of one group (and the system administrater should be careful about adding > users to the group wheel ). If the system has some groups that contain > all users, we may want to allow them to be excluded from consideration, > though we shouldn't worry about this now. > I would like to push for such a change and wish others would > join me; if anyone knows of any possible problems from this change, or > has any objections to it, please let me know. This seems overly complicated. The reasons chown is generally limited are security-motivated: for example, one can subvert a quota system by "giving away" files. Rather than present your solution first, perhaps you could indicate the use cases that motivate your suggestion. There may be other ways to achieve the goals you have. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/ "...perl has been dead for more than 4 years." - Abigail in the Monastery