Anh, I was going to call that one out. But there also isn't a reason you couldn't make your own setuid chown wrapper with some logic in it to examine the chown ACL and decide if it will allow the user to give ownership of the file away or not.
You could, say, have it see if users are in the same primary group of the file, and ACL provides chown to allow assignment to someone else in the same primary group... perhaps. Wouldn't be too hard to write up that wrapper.

Alec

On Tue, Sep 6, 2022, 2:52 PM Anh Dao <[email protected]> wrote:

> Regarding the behavior with CHOWN in Spectrum Scale, to avoid quota abuse
> and security exposures, we have restricted that file owners can chown
> only to themselves or to a group that they are a member of. This has been
> noted since Scale 4.2.0:
>
> https://www.ibm.com/docs/en/spectrum-scale/4.2.0?topic=applications-gpfs-exceptions-limitations-nfs-v4-acls
>
> “NFS V4 allows ACL entries that grant users (or groups) permission to
> change the owner or owning group of the file (for example, with the chown
> command). For security reasons, GPFS now restricts this so that
> non-privileged users may only chown such a file to themselves (becoming the
> owner) or to a group that they are a member of.”
>
> Regards,
> Anh Dao
> IBM Spectrum Scale
> Software Developer
> [email protected]
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at gpfsug.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
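The policy check such a wrapper would need, as an added example that is not part of the original thread or of Spectrum Scale: it makes the decision on an open descriptor, so the path cannot be swapped between the check and the chown. The names `policy_allows` and `give_away` are hypothetical, and `acl_ok` is an assumption standing in for the site's own lookup of the chown ACL entry.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <pwd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Policy from the message: the caller owns the file, the ACL grants chown
 * (acl_ok, supplied by the site's own ACL lookup, an assumption here), and
 * both users have the file's group as their primary group. */
int policy_allows(const struct stat *st, uid_t caller, gid_t caller_pgid,
                  gid_t target_pgid, int acl_ok)
{
    if (!S_ISREG(st->st_mode)) return 0;          /* regular files only */
    if (st->st_uid != caller || !acl_ok) return 0;
    return caller_pgid == st->st_gid && target_pgid == st->st_gid;
}

/* Look up a user's primary group; returns 0 on success. */
static int primary_gid(uid_t uid, gid_t *out)
{
    struct passwd *pw = getpwuid(uid);
    if (!pw) return -1;
    *out = pw->pw_gid;
    return 0;
}

/* Returns 0 if ownership was handed over, -1 if refused or failed. */
int give_away(const char *path, uid_t target, int acl_ok)
{
    uid_t caller = getuid();   /* real uid, not the setuid effective uid */
    gid_t cg, tg;
    struct stat st;
    int rc = -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    /* Check and act on the same descriptor, never on the path again. */
    if (fstat(fd, &st) == 0 && primary_gid(caller, &cg) == 0 &&
        primary_gid(target, &tg) == 0 &&
        policy_allows(&st, caller, cg, tg, acl_ok))
        rc = fchown(fd, target, (gid_t)-1);       /* group left unchanged */
    close(fd);
    return rc;
}
```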
