Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
06-18-2007, 03:41 AM
|
#1
|
LQ Newbie
Registered: Jun 2007
Posts: 2
Rep:
|
chown as non-root
I am using Red Hat Linux version 2.6.9-34
I am looking for a system parameter to set that allows other users than root to issue the chown command.
Standard this is not allowed but i need to override it.
I know on Solaris this is possible. What abaout This version of Linux?
|
|
|
06-18-2007, 05:58 AM
|
#2
|
Member
Registered: Mar 2005
Location: India
Distribution: RHEL 3/4, Solaris 8/9/10, Fedora 4/8, Redhat Linux 9
Posts: 237
Rep:
|
Check for sudo user.
Command : visudo as a root user.
File : /etc/sudoers
Check manual pages for further info.
Example :
user1 ALL=/bin/chown
Last edited by p_s_shah; 06-18-2007 at 06:03 AM.
|
|
|
06-18-2007, 09:50 AM
|
#3
|
Member
Registered: Dec 2006
Distribution: Slackware 11
Posts: 144
Rep:
|
chown is in /usr/bin thus is available to all users. Any user can chown files they own. If you want to allow them to chown files they do not own, then yes, sudo will work.
|
|
|
06-18-2007, 01:00 PM
|
#4
|
Senior Member
Registered: Feb 2003
Distribution: Slackware
Posts: 4,113
Rep:
|
Quote:
Originally Posted by jeenam
chown is in /usr/bin thus is available to all users. Any user can chown files they own. If you want to allow them to chown files they do not own, then yes, sudo will work.
|
I think this is true on some Unix system or another but, AFAIK, on Linux you actually can't chown files whether you own them or not, since that's a way to 'give away' files to some poor slob and avoid quota restrictions by saddling him with them.
|
|
|
06-18-2007, 07:41 PM
|
#5
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,863
|
Also check out the PAM (Pluggable Athentication Modules) facility. And ACLs (Access Control Lists).
Check out these info pages:
info pam
info acl
The PAM facility allows you to configure the authentication mechanisms which will apply to all kinds of tests. For example, on many systems only members of the wheel group may issue the command su. But why? The answer is "PAM."
The ACL facility allows you to define more fine-grained access controls for resources (such as files) than those which are provided by the usual Unix-style protection mechanisms. You may well find that, with proper use of this facility, you don't need to fiddle with chown anymore. (Windows has a similar facility.)
|
|
|
06-19-2007, 12:20 AM
|
#6
|
LQ Newbie
Registered: Jun 2007
Posts: 2
Original Poster
Rep:
|
sudo
sudo is not an option in my case.
=> Situation is that i have a lunix cluster with StorNext filesystems shared to HP-UX clients. So the security needs to follow the shares on the clients.
i only need to allow a user to chown files he owns, but even that is restricted to root in new linux versions. Again sudo or su is not an option.
I will do some tests with PAM & ACL's. See what i can arrange, but i'm not convinced it will help.
|
|
|
All times are GMT -5. The time now is 05:20 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|