LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   chown as non-root (http://www.linuxquestions.org/questions/linux-security-4/chown-as-non-root-562603/)

Rudy Vogels 06-18-2007 03:41 AM

chown as non-root
 
I am using Red Hat Linux version 2.6.9-34
I am looking for a system parameter to set that allows other users than root to issue the chown command.
Standard this is not allowed but i need to override it.
I know on Solaris this is possible. What abaout This version of Linux?

p_s_shah 06-18-2007 05:58 AM

Check for sudo user.
Command : visudo as a root user.
File : /etc/sudoers
Check manual pages for further info.

Example :

user1 ALL=/bin/chown

jeenam 06-18-2007 09:50 AM

chown is in /usr/bin thus is available to all users. Any user can chown files they own. If you want to allow them to chown files they do not own, then yes, sudo will work.

slakmagik 06-18-2007 01:00 PM

Quote:

Originally Posted by jeenam
chown is in /usr/bin thus is available to all users. Any user can chown files they own. If you want to allow them to chown files they do not own, then yes, sudo will work.

I think this is true on some Unix system or another but, AFAIK, on Linux you actually can't chown files whether you own them or not, since that's a way to 'give away' files to some poor slob and avoid quota restrictions by saddling him with them. ;)

sundialsvcs 06-18-2007 07:41 PM

Also check out the PAM (Pluggable Athentication Modules) facility. And ACLs (Access Control Lists).

Check out these info pages:
info pam
info acl


The PAM facility allows you to configure the authentication mechanisms which will apply to all kinds of tests. For example, on many systems only members of the wheel group may issue the command su. But why? The answer is "PAM."

The ACL facility allows you to define more fine-grained access controls for resources (such as files) than those which are provided by the usual Unix-style protection mechanisms. You may well find that, with proper use of this facility, you don't need to fiddle with chown anymore. (Windows has a similar facility.)

Rudy Vogels 06-19-2007 12:20 AM

sudo
 
sudo is not an option in my case.
=> Situation is that i have a lunix cluster with StorNext filesystems shared to HP-UX clients. So the security needs to follow the shares on the clients.

i only need to allow a user to chown files he owns, but even that is restricted to root in new linux versions. Again sudo or su is not an option.

I will do some tests with PAM & ACL's. See what i can arrange, but i'm not convinced it will help.


All times are GMT -5. The time now is 11:27 AM.