Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am using Red Hat Linux version 2.6.9-34
I am looking for a system parameter to set that allows other users than root to issue the chown command.
Standard this is not allowed but i need to override it.
I know on Solaris this is possible. What abaout This version of Linux?
chown is in /usr/bin thus is available to all users. Any user can chown files they own. If you want to allow them to chown files they do not own, then yes, sudo will work.
chown is in /usr/bin thus is available to all users. Any user can chown files they own. If you want to allow them to chown files they do not own, then yes, sudo will work.
I think this is true on some Unix system or another but, AFAIK, on Linux you actually can't chown files whether you own them or not, since that's a way to 'give away' files to some poor slob and avoid quota restrictions by saddling him with them.
Also check out the PAM (Pluggable Athentication Modules) facility. And ACLs (Access Control Lists).
Check out these info pages:
info pam
info acl
The PAM facility allows you to configure the authentication mechanisms which will apply to all kinds of tests. For example, on many systems only members of the wheel group may issue the command su. But why? The answer is "PAM."
The ACL facility allows you to define more fine-grained access controls for resources (such as files) than those which are provided by the usual Unix-style protection mechanisms. You may well find that, with proper use of this facility, you don't need to fiddle with chown anymore. (Windows has a similar facility.)
sudo is not an option in my case.
=> Situation is that i have a lunix cluster with StorNext filesystems shared to HP-UX clients. So the security needs to follow the shares on the clients.
i only need to allow a user to chown files he owns, but even that is restricted to root in new linux versions. Again sudo or su is not an option.
I will do some tests with PAM & ACL's. See what i can arrange, but i'm not convinced it will help.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.