how far can chmod reach?

what i mean exactly is suppose someone is logged in as... user1

can user1 use chmod to change the permissions/ownership of a file owned by user2 ? (user1 and user2 are in different groups)

and what is user1 was the root user?, does that change anything?

(i need to know to properly set up my linux laptop with good permission settings.. but right now theres a program so the laptop wont boot up.. (just my luck)

Only root can chmod or chown files owned by other users. Normal users can't even chown their own files (just chmod them).

And users can only chgroup files to which they belong to both the beginning and ending groups for.

OK, how about we assume that any user can use chmod/chown ? (the reason i want to know is that i want to split up the "root" users power into multiple users, and i need to have it so that each user can chmod/chown files they own (change it so a new user owns it, new group, or just simple permissions)

Anyone with root priviledges can chown/chown any file they want. sudo is a program to give users root priviledges for the entire system or only certain commands. You could set it up so users could just use chmod/chown as root. This would be a security risk since they could change ownership/permissions for any file they had access to meaning most files on the system.

I don't think there is a way to do what you are asking.

so then i guess i should try and find a patch to delete the "root" user and just use regular users with correct permission settings

anyone know of any?

SciYro, I don't understand where you're coming from. How do you think the system will function without a root user? Who do you think is going to own system files?

Why would you want a user to be able to change permissions on a file owned by another user? Then there would be no security.

Just use su or sudo
man su
man sudo

darthtux: what i need is so that every user can change the permissions only for files they own/ have permission to change permissions

and not having a root user would make the system less crowded as regular users with restricted permissions (one your to handle /dev one to handle kernel stuff, one for compiling, one for X config's, one for normal user use, one for firewall, etc) .. so that each user can only do so little

i find the thought of a user (root) being able to access files they don't own or have permission to own kinda securityless (at least on a single/some user laptop/desktop)

AFAIK, there are files and commands which look explicitly for the root user to execute/modify them. By removing root, you would remove their functionality. Also, programs may span across directories - so in your example, you would have one user run the program in / then when it gets to /usr you'd need another user to run something, and so on. Having just one super user is the simplest way - KISS at it's finest IMO.

Also, would you have the pseudo super users be normal accounts? Say user1 has access to / and is also a normal user account, every time user1 logs in, malicious programs or users have access to ~/user1 and to / which gives them a fair bit of control. Or would you have user1 as the super user and user1a as their user account. They'd still have to su but you have now doubled the number of accounts you'd need. Much better to have users and root.

But I'll wait until a security guru comes along for a definitive answer.