[SOLVED] chown: changing ownership of `<file>': Operation not permitted

schuurs · 02-01-2010, 06:41 AM

Hello,

I am trying to change the ownership of a file but I get the next message:
chown: changing ownership of `<file>': Operation not permitted

The situation is as follows.

My username: schuurs
My primary group: meten
My secundary group: agi
My home directory is located on server "srmc"

cp <file> /home/agi/library/import/.

ls -l /home/agi/library/import/<file>
-rw-r--r-- 1 schuurs meten ...... <file>

User rights import directory drwxrwxrwx
Owner import directory: agi
Group import directory: agi

Primary group of user agi: meten
Secundary group of user agi: agi
Agi's home directory is located in server "dt"

If I am trying to change the ownership (chown) of the previously copied file to 'agi', I will receive the message that the operation is not permitted.
Next to that, it is possible to change the group (chgrp)of the file to 'agi'.

If I copy the same file to a different user, it is possible to change the ownership.

Does someone has a clue if I am forgetting something?

catkin · 02-01-2010, 07:39 AM

Is there a "file access control list" (FACL) on the file? The getfacl command can be used to display FACLs.

devnull10 · 02-01-2010, 03:03 PM

Are you doing it as root?

schuurs · 02-02-2010, 12:58 AM

Dear catkin,
When I execute the getfacl command on the file, Ill get:

schuurs@<hostname>:/home/agi/library/import >> getfacl file
# file: file
# owner: schuurs
# group: meten
user::rw-
group::r--
other::---

Dear Devnull10,
I am not root when I try to change the ownership.

catkin · 02-02-2010, 01:54 AM

Quote:

Originally Posted by schuurs

schuurs@<hostname>:/home/agi/library/import >> getfacl file
# file: file
# owner: schuurs
# group: meten
user::rw-
group::r--
other::---

That is normal when there are no FACLs. In a recent posting someone mentioned the ls command's -Z option to show any SElinux access restrictions. Can you try that and post back?

Another possibility is that the file is on a read-only file system. Are you able to create or modify files in the same directory as the problem file?

jschiwal · 02-02-2010, 02:18 AM

Only root can change file ownerships. If you copy a file, you are creating a new one. Some *nixes support suid directories where the ownership is changed to that of the directory owner. You can use chgrp if you are member of that group.

You can use setfacl to give permissions to another user. ( The "acl" mount option needs to be used and the filesystem must allow it )

You said that your home directory is on another server, and the prompt seems to indicate you are logged in with ssh or rsh to that system. Is that server Linux?

devnull10 · 02-02-2010, 12:43 PM

As said above, you need to be root. Otherwise you could just create a program, suid it and then chown to root!!

schuurs · 02-03-2010, 01:23 AM

Dear catkin,

The workstation is using RHEL3.7, SElinux is not existing in this OS.
However, the server on which "agi" is located is using RHEL5. I have to ask the system manager of this server.
I do not know which OS is used by the server where my home disk is located on.

Next to that, I can create and modify files. This means that it is not a read-only file system.

Dear jschiwal,
If only root can change the ownership, why can I change the ownership of a file if I copied it to the location of a different user?
Maybe, this is true on the RHEL5 server and not on servers with an older OS.

My prompt is how I created it, I am not using ssh.
I can use "cd" to walk to the location I need on the "agi" disk.

Dear devnull10,
Your comment sounds logical.

catkin · 02-03-2010, 02:06 AM

Quote:

Originally Posted by schuurs

If only root can change the ownership, why can I change the ownership of a file if I copied it to the location of a different user?

Because copying creates a new file and the new file is created with your default owner, group and permissions.

schuurs · 02-04-2010, 12:47 AM

Quote:

Originally Posted by catkin

Because copying creates a new file and the new file is created with your default owner, group and permissions.

The file on which I am trying to change the ownership is also having my default owner and group permissions.

I checked with the system administrator if SElinux is bugging me. We tried by disabling it for a short moment, but without succes. SElinux is not bugging me.

schuurs · 02-04-2010, 12:54 AM

Dear devnull10,

Do you know if it is possible to disable the behavior of only let root change the ownership of a file?

The reason is as follows:
A test engineer copies a testprogram to the import directory.
One of the library managers copies the testprogram to one of the testprogram libraries without using logging in as "agi"
this is blocked so that only the persons who are part of the group "agi" can copy a testprogram to one of the libraries.
The end owner of the testprogram should be "agi", not the library manager who copied the testprogram.

This worked when the account of "agi" was still located on an HP-UX system. Now that it is located on a RHEL5 system, it does not work anymore.

devnull10 · 02-04-2010, 03:10 PM

You could use groups, guid and umask or you could use sudo to allow the changing of file permissions. The first is by far the preferred method though - you can do a lot of damage if you change the permissions of a file incorrectly!!

schuurs · 02-05-2010, 12:56 AM

Dear devnull10,

I agree with you.
It this moment the library permissions are arranged with groups and I think I have to accept the fact that there are differences between the old HP-UX and Linux.

schuurs · 02-05-2010, 12:57 AM

Dear all,

Thank you for explaining this topping to me.