Why can't users chgrp ?

Rotwang · 03-22-2004, 02:51 PM

I've asked this question before, although not on this site yet, and I never got a response I understood.

Why is it that an pretty much every unix/linux platform, by default, users cannot chgrp ?

If my users own a file why I can't they decide who else he wants to share it with? Why do they have to come bug me for that?

And while I'm posting- how do I set chgrp to work for everyone? It's already set to 755, but when a user tries to chgrp a file he owns it says

chgrp: changing group of `index.html': Operation not permitted

(edit added: Mandrake 9.2)

Tinkster · 03-22-2004, 03:29 PM

Whos says they can't? They only need to be member
of the target group as well ...

And to me it seems quite logical that one shouldn't
be allowed to change ownership of something to someone/
something one has no control over...
If I were able to chgrp <someotherusersgroup> <file> I
couldn't get that file back ... the only way to get rid of
the other persons rights would be to delete the file (copy
to another place, delete the original, copy it back).

Cheers,
Tink

AutOPSY · 03-22-2004, 03:33 PM

not only that but if you wrote an exploit of some kind whatever it may be, that exploit if it wre to fork child processes, that parent/child could masquerade in someones group that wouldnt be good.

Rotwang · 03-22-2004, 04:05 PM

Quote:

Originally posted by Tinkster
Whos says they can't? They only need to be member
of the target group as well ...
Cheers,
Tink

that was it, thanks.

Hey one more thng, is there a line command to display a user? I read the man page on usermod but it doesnt have something like a "display" flag. Do I have to just read /etc/passwd itself and figure out the colons, etc?

Tinkster · 03-22-2004, 04:32 PM

Quote:

Originally posted by Rotwang
that was it, thanks.

Pleasure :}

Quote:

Hey one more thng, is there a line command to display a user? I read the man page on usermod but it doesnt have something like a "display" flag. Do I have to just read /etc/passwd itself and figure out the colons, etc?

What do you mean by "display a user"?

Please re-phrase in a way that a poor, tech-savy
person can comprehend ...

Cheers,
Tink

Rotwang · 03-22-2004, 04:54 PM

Quote:

Originally posted by Tinkster

What do you mean by "display a user"?

Please re-phrase in a way that a poor, tech-savy
person can comprehend ...

Cheers,
Tink

I meant in the context of adduser, usermod, userdel.

So, like:

login: rotwang
innitial group: idiots
groups: newbies, mshaters
home: /home/morons/rotwang

Tinkster · 03-22-2004, 05:28 PM

oic

No, I don't think there's a tool for that purpose
in the shadow suite, you'll have to learn to
read /etc/passwd :) and /etc/group

Cheers,
Tink

Rotwang · 03-22-2004, 05:33 PM

grumble grumble

Tinkster · 03-22-2004, 07:52 PM

:P

Quote:

save as /usr/bin/userinfo

Code:

#!/bin/bash                                                                     
usage()
{
    echo "userinfo <name>"
    exit 1
}

if [ "$1" == "" ]; then
    usage
fi

line=`grep $1 /etc/passwd`
if [ "$line" != "" ]; then
    echo $line | awk -F":" '{print "username: " $1}'
    export the_name=$1
    echo $line | awk -F":" '{print "userid: " $3}'
    echo $line | awk -F":" '{print "description: " $5}'
    echo $line | awk -F":" '{print "home: " $6}'
    echo $line |awk -F":" '{print "default shell: " $7}'
    export def_grp=`echo $line |awk -F":" '{print $4}'`
fi
echo `awk -F":" '$3~ENVIRON["def_grp"] {print "default group: " $1}' /etc/group`
echo "Other groups:"
grep $the_name /etc/group | awk -F: '{print $1}'

Cheers,
Tink

Rotwang · 03-22-2004, 09:02 PM

Quote:

Originally posted by Tinkster
:P

Cheers,
Tink

Thanks man, it works well. Now see, why don't they make that standard, that wasn't so hard!

Also- there was a /usr/bin/userinfo in there already, and when I try to run it, it says

(userinfo:10326): Gtk-WARNING **: cannot open display:

which means it's an x only app right?

Tinkster · 03-22-2004, 09:06 PM

Quote:

Originally posted by Rotwang
Thanks man, it works well. Now see, why don't they make that standard, that wasn't so hard!

lol, no it wasn't :)
As a matter of fact, you could have done that, too ;0

Quote:

Also- there was a /usr/bin/userinfo in there already, and when I try to run it, it says

(userinfo:10326): Gtk-WARNING **: cannot open display:

which means it's an x only app right?

Yep, presumably gnome related, too ... nothing by
that name on my machine ;) ...

[edit]
I just saw that I made an ugly mistake :}

Code:

#!/bin/bash
usage()
{
    echo "userinfo <name>"
    exit 1
}

if [ "$1" == "" ]; then
    usage
fi

line=`grep $1 /etc/passwd`
if [ "$line" != "" ]; then
    echo $line | awk -F":" '{print "username: " $1}'
    export the_name=$1
    echo $line | awk -F":" '{print "userid: " $3}'
    echo $line | awk -F":" '{print "description: " $5}'
    echo $line | awk -F":" '{print "home: " $6}'
    echo $line |awk -F":" '{print "default shell: " $7}'
    export def_grp=`echo $line |awk -F":" '{print $4}'`
    echo `awk -F":" '$3~ENVIRON["def_grp"] {print "default group: " $1}' /etc/group`
    echo "Other groups:"
    grep $the_name /etc/group | awk -F: '{print $1}'
fi

That's better :}

[/edit]

Cheers,
Tink

Rotwang · 03-22-2004, 09:35 PM

Quote:

Originally posted by Tinkster
lol, no it wasn't
As a matter of fact, you could have done that, too ;0

Yea but if I did it, it'd be written in perl.

and it would have bugs.