In FreeBSD 4.3 & 4.7 (& others), the chown command only works
for root; for other users the command responds (if one actually tries
to change the ownership) "chown: <file name>: Operation not permitted"
where "<file name>" is the first file name in the argument list.  This
command does work in a version of HP-UX (Hewlett-Packard UNIX)
that I used a few years ago (although it probably checks to make sure
that certain properties don't violate security policy, and if any do
it probably doesn't make the change [I have no access to such a system
now so I can't check it]).  I know that many systems act as FreeBSD
does, but I think that a better way of doing this is to allow the code
to always change the ownership of the files except for changing the
ownership to a user with root privileges (which can be checked in
/etc/passwd).  This gives the system owner the flexibility to leave
it this way, or to restrict this ability to root as it is now by
setting chown's permissions to 500; it is already owned by root.
        This is all that a single actual user (as most home systems are)
system needs, but for a true multi-user system one may want to restrict
the change to cases where the new owner and the current owner are members
of one group (and the system administrator should be careful about adding
users to the group wheel).  If the system has some groups that contain
all users, we may want to allow them to be excluded from consideration,
though we shouldn't worry about this now.
        I would like to push for such a change and wish others would
join me; if anyone knows of any possible problems from this change, or
has any objections to it, please let me know.
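
The policy proposed in this message, sketched as an added example that is not part of the original post and is not FreeBSD code: it refuses a change of owner to any uid-0 account and, in the multi-user variant, requires a shared group outside an excluded set. The passwd and group entries are constructed, and may_chown, groups_of and the parameter names are hypothetical.

```python
# Added illustration; names are hypothetical, sample data is constructed.
PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:1003:Carol:/home/carol:/bin/sh
"""
GROUP = """\
wheel:*:0:root
staff:*:20:alice,bob
users:*:100:alice,bob,carol
"""

def parse_passwd(text):
    """Map user name -> (uid, primary gid) from passwd-format text."""
    fields = (l.split(":") for l in text.splitlines() if l and l[0] != "#")
    return {f[0]: (int(f[2]), int(f[3])) for f in fields}

def parse_group(text):
    """Map gid -> set of member names from group-format text."""
    fields = (l.split(":") for l in text.splitlines() if l and l[0] != "#")
    return {int(f[2]): {m for m in f[3].split(",") if m} for f in fields}

USERS, GROUPS = parse_passwd(PASSWD), parse_group(GROUP)

def groups_of(user):
    """Primary gid from passwd plus every gid whose member list names the user."""
    return {USERS[user][1]} | {g for g, m in GROUPS.items() if user in m}

def may_chown(current, new, shared_group=False, ignored_gids=()):
    """Decide whether a file owned by `current` may be given to `new`."""
    if current not in USERS or new not in USERS:
        return False                      # unknown account: refuse
    if USERS[new][0] == 0:
        return False                      # any uid-0 entry counts, e.g. toor
    if not shared_group:
        return True                       # single-user variant of the proposal
    shared = groups_of(current) & groups_of(new)
    return bool(shared - set(ignored_gids))   # drop groups that hold everyone

if __name__ == "__main__":
    print(may_chown("alice", "bob"), may_chown("alice", "toor"))
    print(may_chown("alice", "carol", shared_group=True, ignored_gids=(100,)))
```

The check keys on uid 0 rather than the name root, so a second superuser entry such as toor is refused as well, and group membership counts the primary gid from passwd in addition to the member lists in the group file.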
