chown problems
I'm trying to change the ownership of a file that I as user oracle own to user u55646 the following occurs

-rw-r--r-- 1 u55646 dba 583 2003-09-18 13:01 rfc1953.log
-rw-rw-rw- 1 oracle oinstall 418 2003-09-18 12:55 rfc1953.sql
-rw-r--r-- 1 oracle oinstall 583 2003-09-18 13:01 rfc1954.log
-rw-rw-rw- 1 oracle oinstall 412 2003-09-18 12:55 rfc1954.sql
-rw-r--r-- 1 oracle oinstall 5208 2003-09-18 13:01 rfc1956.log
-rw-rw-rw- 1 oracle oinstall 415 2003-09-18 12:56 rfc1956.sql
[EMAIL PROTECTED]:/dbatemp/rfcs/KDV1 chown u55646.dba rfc1953.sql
chown: changing ownership of `rfc1953.sql': Operation not permitted
[EMAIL PROTECTED]:/dbatemp/rfcs/KDV1
Re: chown problems
You need to be root to do that. One user cannot change file ownerships to another user.

Mark Post

-----Original Message-----
From: Little, Chris [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 3:48 PM
To: [EMAIL PROTECTED]
Subject: chown problems

I'm trying to change the ownership of a file that I as user oracle own to user u55646 the following occurs

-rw-r--r-- 1 u55646 dba 583 2003-09-18 13:01 rfc1953.log
-rw-rw-rw- 1 oracle oinstall 418 2003-09-18 12:55 rfc1953.sql
-rw-r--r-- 1 oracle oinstall 583 2003-09-18 13:01 rfc1954.log
-rw-rw-rw- 1 oracle oinstall 412 2003-09-18 12:55 rfc1954.sql
-rw-r--r-- 1 oracle oinstall 5208 2003-09-18 13:01 rfc1956.log
-rw-rw-rw- 1 oracle oinstall 415 2003-09-18 12:56 rfc1956.sql
[EMAIL PROTECTED]:/dbatemp/rfcs/KDV1 chown u55646.dba rfc1953.sql
chown: changing ownership of `rfc1953.sql': Operation not permitted
[EMAIL PROTECTED]:/dbatemp/rfcs/KDV1
Re: chown problems
The man page on RHL 9.0 shows the format as:

chown u55646:dba rfc1953.sql

On Thu, 2003-09-18 at 14:47, Little, Chris wrote:
> I'm trying to change the ownership of a file that I as user oracle own to user u55646 the following occurs
>
> -rw-r--r-- 1 u55646 dba 583 2003-09-18 13:01 rfc1953.log
> -rw-rw-rw- 1 oracle oinstall 418 2003-09-18 12:55 rfc1953.sql
> -rw-r--r-- 1 oracle oinstall 583 2003-09-18 13:01 rfc1954.log
> -rw-rw-rw- 1 oracle oinstall 412 2003-09-18 12:55 rfc1954.sql
> -rw-r--r-- 1 oracle oinstall 5208 2003-09-18 13:01 rfc1956.log
> -rw-rw-rw- 1 oracle oinstall 415 2003-09-18 12:56 rfc1956.sql
> [EMAIL PROTECTED]:/dbatemp/rfcs/KDV1 chown u55646.dba rfc1953.sql
> chown: changing ownership of `rfc1953.sql': Operation not permitted
> [EMAIL PROTECTED]:/dbatemp/rfcs/KDV1

--
Rich Smrcina
Sr. Systems Engineer
Sytek Services - A Division of DSG
Milwaukee, WI
rsmrcina at wi.rr.com
rsmrcina at dsgroup.com

Catch the WAVV! Stay for requirements and the free-for-all.
Update your zSeries skills in 4 days for a very reasonable price.
WAVV 2004 in Chattanooga, TN
April 30-May 4, 2004
For details see http://www.wavv.org
Re: chown problems
> Operation not permitted

Only root can chown.

-Mike MacIsaac, IBM
mikemac at us.ibm.com (845) 433-7061
Re: chown problems
> I'm trying to change the ownership of a file that I as user oracle own to user u55646 the following occurs

Short version: Linux does not allow non-privileged use of chown. You have to be root to do it.

Longer version: Actually Linux supports capabilities. You can give the capability to use chown to a process. This would require a wrapper and the use of sudo for safety. It is much easier to use sudo directly for chown :)

--
Guillaume Morin [EMAIL PROTECTED]
IBM Poughkeepsie SAK Kernel Development
Re: chown problems
OK, scratch that... I tried it your way and the period is accepted.

On Thu, 2003-09-18 at 14:47, Little, Chris wrote:
> I'm trying to change the ownership of a file that I as user oracle own to user u55646 the following occurs
>
> -rw-r--r-- 1 u55646 dba 583 2003-09-18 13:01 rfc1953.log
> -rw-rw-rw- 1 oracle oinstall 418 2003-09-18 12:55 rfc1953.sql
> -rw-r--r-- 1 oracle oinstall 583 2003-09-18 13:01 rfc1954.log
> -rw-rw-rw- 1 oracle oinstall 412 2003-09-18 12:55 rfc1954.sql
> -rw-r--r-- 1 oracle oinstall 5208 2003-09-18 13:01 rfc1956.log
> -rw-rw-rw- 1 oracle oinstall 415 2003-09-18 12:56 rfc1956.sql
> [EMAIL PROTECTED]:/dbatemp/rfcs/KDV1 chown u55646.dba rfc1953.sql
> chown: changing ownership of `rfc1953.sql': Operation not permitted
> [EMAIL PROTECTED]:/dbatemp/rfcs/KDV1

--
Rich Smrcina
Sr. Systems Engineer
Sytek Services - A Division of DSG
Milwaukee, WI
rsmrcina at wi.rr.com
rsmrcina at dsgroup.com

Catch the WAVV! Stay for requirements and the free-for-all.
Update your zSeries skills in 4 days for a very reasonable price.
WAVV 2004 in Chattanooga, TN
April 30-May 4, 2004
For details see http://www.wavv.org
Re: chown problems
Everybody wang chown tonight ;)

-----Original Message-----
From: Michael MacIsaac [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 2:56 PM
To: [EMAIL PROTECTED]
Subject: Re: chown problems

> Operation not permitted

Only root can chown.

-Mike MacIsaac, IBM
mikemac at us.ibm.com (845) 433-7061
Re: chown problems
A period works just as well (I use it all the time out of habit). He's not getting a syntax error, it's permissions related.

Mark Post

-----Original Message-----
From: Rich Smrcina [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 3:55 PM
To: [EMAIL PROTECTED]
Subject: Re: chown problems

The man page on RHL 9.0 shows the format as:

chown u55646:dba rfc1953.sql

On Thu, 2003-09-18 at 14:47, Little, Chris wrote:
> I'm trying to change the ownership of a file that I as user oracle own to user u55646 the following occurs
>
> -rw-r--r-- 1 u55646 dba 583 2003-09-18 13:01 rfc1953.log
> -rw-rw-rw- 1 oracle oinstall 418 2003-09-18 12:55 rfc1953.sql
> -rw-r--r-- 1 oracle oinstall 583 2003-09-18 13:01 rfc1954.log
> -rw-rw-rw- 1 oracle oinstall 412 2003-09-18 12:55 rfc1954.sql
> -rw-r--r-- 1 oracle oinstall 5208 2003-09-18 13:01 rfc1956.log
> -rw-rw-rw- 1 oracle oinstall 415 2003-09-18 12:56 rfc1956.sql
> [EMAIL PROTECTED]:/dbatemp/rfcs/KDV1 chown u55646.dba rfc1953.sql
> chown: changing ownership of `rfc1953.sql': Operation not permitted
> [EMAIL PROTECTED]:/dbatemp/rfcs/KDV1

--
Rich Smrcina
Sr. Systems Engineer
Sytek Services - A Division of DSG
Milwaukee, WI
rsmrcina at wi.rr.com
rsmrcina at dsgroup.com

Catch the WAVV! Stay for requirements and the free-for-all.
Update your zSeries skills in 4 days for a very reasonable price.
WAVV 2004 in Chattanooga, TN
April 30-May 4, 2004
For details see http://www.wavv.org
Re: chown problems
yuck. coming from HP-UX, it allows you to give a file to another owner.

-----Original Message-----
From: Post, Mark K [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 2:51 PM
To: [EMAIL PROTECTED]
Subject: Re: chown problems

You need to be root to do that. One user cannot change file ownerships to another user.

Mark Post

-----Original Message-----
From: Little, Chris [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 3:48 PM
To: [EMAIL PROTECTED]
Subject: chown problems

I'm trying to change the ownership of a file that I as user oracle own to user u55646 the following occurs

-rw-r--r-- 1 u55646 dba 583 2003-09-18 13:01 rfc1953.log
-rw-rw-rw- 1 oracle oinstall 418 2003-09-18 12:55 rfc1953.sql
-rw-r--r-- 1 oracle oinstall 583 2003-09-18 13:01 rfc1954.log
-rw-rw-rw- 1 oracle oinstall 412 2003-09-18 12:55 rfc1954.sql
-rw-r--r-- 1 oracle oinstall 5208 2003-09-18 13:01 rfc1956.log
-rw-rw-rw- 1 oracle oinstall 415 2003-09-18 12:56 rfc1956.sql
[EMAIL PROTECTED]:/dbatemp/rfcs/KDV1 chown u55646.dba rfc1953.sql
chown: changing ownership of `rfc1953.sql': Operation not permitted
[EMAIL PROTECTED]:/dbatemp/rfcs/KDV1
Re: chown problems
On Thu, 2003-09-18 at 15:00, Little, Chris wrote:
> yuck. coming from HP-UX, it allows you to give a file to another owner.

Huge security hole.

Adam
Re: chown problems
yeah. but it is convenient for my HP-UX users and they are now peeved. Another thing to listen to them complain about.

-----Original Message-----
From: Adam Thornton [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 3:06 PM
To: [EMAIL PROTECTED]
Subject: Re: chown problems

On Thu, 2003-09-18 at 15:00, Little, Chris wrote:
> yuck. coming from HP-UX, it allows you to give a file to another owner.

Huge security hole.

Adam
Re: chown problems
I believe the ability to give away a file that you initially own is a posix-ism. Not having a copy of the spec handy to look at, I can't cite page-and-paragraph -- but it seems to me that the posix-ish behavior is to not allow non-privileged file owners to chown a file to some other user. I know that Solaris has a kernel-level toggle that is used to modify the behavior of chown in this manner.

I also seem to recall some amusing DOS attacks on deserving quota-controlled neighbors who suddenly exceeded their file system quotas without doing anything themselves.

<innocent look> of course, that was a long time ago when I was a student, and would be unforgivably unprofessional... </innocent look>

-dan.

Little, Chris wrote:
> yuck. coming from HP-UX, it allows you to give a file to another owner.
>
> -----Original Message-----
> From: Post, Mark K [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 18, 2003 2:51 PM
> To: [EMAIL PROTECTED]
> Subject: Re: chown problems
>
> You need to be root to do that. One user cannot change file ownerships to another user.
>
> Mark Post
>
> -----Original Message-----
> From: Little, Chris [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 18, 2003 3:48 PM
> To: [EMAIL PROTECTED]
> Subject: chown problems
>
> I'm trying to change the ownership of a file that I as user oracle own to user u55646 the following occurs
>
> -rw-r--r-- 1 u55646 dba 583 2003-09-18 13:01 rfc1953.log
> -rw-rw-rw- 1 oracle oinstall 418 2003-09-18 12:55 rfc1953.sql
> -rw-r--r-- 1 oracle oinstall 583 2003-09-18 13:01 rfc1954.log
> -rw-rw-rw- 1 oracle oinstall 412 2003-09-18 12:55 rfc1954.sql
> -rw-r--r-- 1 oracle oinstall 5208 2003-09-18 13:01 rfc1956.log
> -rw-rw-rw- 1 oracle oinstall 415 2003-09-18 12:56 rfc1956.sql
> [EMAIL PROTECTED]:/dbatemp/rfcs/KDV1 chown u55646.dba rfc1953.sql
> chown: changing ownership of `rfc1953.sql': Operation not permitted
> [EMAIL PROTECTED]:/dbatemp/rfcs/KDV1
Re: chown problems
> Huge security hole

Why? The systems which allow the non-privileged use of chown drop the setgid and setuid bits when changing the owner.

--
Guillaume Morin [EMAIL PROTECTED]
IBM Poughkeepsie SAK Kernel Development

On Thu, 2003-09-18 at 15:00, Little, Chris wrote:
> yuck. coming from HP-UX, it allows you to give a file to another owner.

Huge security hole.

Adam
Re: chown problems
Actually reading the text of the man page showed me that a period is also acceptable... :)

On Thu, 2003-09-18 at 14:57, Post, Mark K wrote:
> A period works just as well (I use it all the time out of habit). He's not getting a syntax error, it's permissions related.
>
> Mark Post
>
> -----Original Message-----
> From: Rich Smrcina [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 18, 2003 3:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: chown problems
>
> The man page on RHL 9.0 shows the format as:
>
> chown u55646:dba rfc1953.sql
>
> On Thu, 2003-09-18 at 14:47, Little, Chris wrote:
> > I'm trying to change the ownership of a file that I as user oracle own to user u55646 the following occurs
> >
> > -rw-r--r-- 1 u55646 dba 583 2003-09-18 13:01 rfc1953.log
> > -rw-rw-rw- 1 oracle oinstall 418 2003-09-18 12:55 rfc1953.sql
> > -rw-r--r-- 1 oracle oinstall 583 2003-09-18 13:01 rfc1954.log
> > -rw-rw-rw- 1 oracle oinstall 412 2003-09-18 12:55 rfc1954.sql
> > -rw-r--r-- 1 oracle oinstall 5208 2003-09-18 13:01 rfc1956.log
> > -rw-rw-rw- 1 oracle oinstall 415 2003-09-18 12:56 rfc1956.sql
> > [EMAIL PROTECTED]:/dbatemp/rfcs/KDV1 chown u55646.dba rfc1953.sql
> > chown: changing ownership of `rfc1953.sql': Operation not permitted
> > [EMAIL PROTECTED]:/dbatemp/rfcs/KDV1
>
> --
> Rich Smrcina
> Sr. Systems Engineer
> Sytek Services - A Division of DSG
> Milwaukee, WI
> rsmrcina at wi.rr.com
> rsmrcina at dsgroup.com
>
> Catch the WAVV! Stay for requirements and the free-for-all.
> Update your zSeries skills in 4 days for a very reasonable price.
> WAVV 2004 in Chattanooga, TN
> April 30-May 4, 2004
> For details see http://www.wavv.org

--
Rich Smrcina
Sr. Systems Engineer
Sytek Services - A Division of DSG
Milwaukee, WI
rsmrcina at wi.rr.com
rsmrcina at dsgroup.com

Catch the WAVV! Stay for requirements and the free-for-all.
Update your zSeries skills in 4 days for a very reasonable price.
WAVV 2004 in Chattanooga, TN
April 30-May 4, 2004
For details see http://www.wavv.org
Re: chown problems
On Thu, 2003-09-18 at 15:10, Guillaume Morin wrote:
> > Huge security hole
>
> Why? The systems which allow the non-privileged use of chown drop the setgid and setuid bits when changing the owner.

Do all of them? Because, yes, that's the hole I was thinking of.

Adam
Re: chown problems
> yuck. coming from HP-UX, it allows you to give a file to another owner.

So install sudo and give those users the right to use chown without any password. Adding something like alias chown='sudo chown'.

Linux drops the setuid and setgid bits when changing ownership.

Guillaume.

--
Guillaume Morin [EMAIL PROTECTED]
IBM Poughkeepsie SAK Kernel Development
Re: chown problems
> Do all of them? Because, yes, that's the hole I was thinking of.

I would not bet on the all. It is too easy to get bitten by that one :) But iirc POSIX requires that for unprivileged use. (there is no standard for privileged use).

Guillaume.

--
Guillaume Morin [EMAIL PROTECTED]
IBM Poughkeepsie SAK Kernel Development
Re: chown problems
i just talked to them and introduced the wonderful world of groups and chgrp. that might be better and more organized.

-----Original Message-----
From: Guillaume Morin [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 3:17 PM
To: [EMAIL PROTECTED]
Subject: Re: chown problems

> yuck. coming from HP-UX, it allows you to give a file to another owner.

So install sudo and give those users the right to use chown without any password. Adding something like alias chown='sudo chown'.

Linux drops the setuid and setgid bits when changing ownership.

Guillaume.

--
Guillaume Morin [EMAIL PROTECTED]
IBM Poughkeepsie SAK Kernel Development
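An added example, not part of the original thread: a shell check of the two points in the message above, that a file's owner can chgrp it to a group they belong to without root, and that Linux clears the setuid and setgid bits when ownership changes. The function name and scratch file are constructed for the demo, and GNU or BusyBox `stat -c` is assumed.

```shell
#!/bin/sh
# Constructed demo: create a scratch file with the given octal mode,
# change its group as the owner (no root needed when the target group
# is one the caller belongs to), and print the mode that is left.
mode_after_chgrp() {
    mode=$1
    dir=$(mktemp -d) || return 2
    f="$dir/demo.sql"            # constructed file name
    if ! { : > "$f" && chmod "$mode" "$f"; }; then
        rm -rf "$dir"
        return 2
    fi
    # chgrp calls chown(2) underneath; on a regular file the kernel
    # strips S_ISUID, and S_ISGID when group-execute is set.
    if chgrp "$(id -g)" "$f"; then
        stat -c '%a' "$f"
        rc=0
    else
        rc=1
    fi
    rm -rf "$dir"
    return "$rc"
}

# setuid+setgid, setuid only, and a plain data file for comparison
for m in 6755 4711 644; do
    printf '%s -> %s\n' "$m" "$(mode_after_chgrp "$m")"
done
```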
Re: chown problems
I suppose if you really didn't like this behaviour, you could write your own setuid version of chown.

- Alex

Little, Chris wrote:
> yeah. but it is convenient for my HP-UX users and they are now peeved. Another thing to listen to them complain about.
>
> -----Original Message-----
> From: Adam Thornton [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 18, 2003 3:06 PM
> To: [EMAIL PROTECTED]
> Subject: Re: chown problems
>
> On Thu, 2003-09-18 at 15:00, Little, Chris wrote:
> > yuck. coming from HP-UX, it allows you to give a file to another owner.
>
> Huge security hole.
>
> Adam
Re: chown problems
In a message of 18 Sep at 16:24, Alex deVries wrote:
> I suppose if you really didn't like this behaviour, you could write your own setuid version of chown.

It is the best way to open a huge security hole. It is better to use sudo.

--
Guillaume Morin [EMAIL PROTECTED]
Debian - What your mom would use if it were twenty times easier. http://www.copyleft.net/
Re: chown problems
On Thu, 2003-09-18 at 21:06, Daniel Martin wrote:
> I believe the ability to give away a file that you initially own is a posix-ism. Not having a copy of the spec handy to look at, I can't cite page-and-paragraph -- but it seems to me that the posix-ish behavior is to not allow non-privileged file owners to chown a file to some other user. I know that Solaris has a kernel-level toggle that is used to modify the behavior of chown in this manner.

Old BSD unix forbids it, old SYS5 unix allows it. In part this is because old SYS5 unix didn't have quota. Since you can build apps for handling file donation properly it's not supported in standard Linux file systems.