The following small patch against OpenAFS 1.4.5 will allow users to
change file ownership to another user with the chown command (System 5 chown
semantics). The reserved 'C' ACL entry (rlidwkaABCDEFGH) is used to control
when this is permitted (set using the standard 'fs setacl' command).
Is this something of general use or is this going to cause issues for
people? Discussion?
cvs diff: Diffing src/viced
Index: src/viced/afsfileprocs.c
===================================================================
RCS file: /cvs/openafs/src/viced/afsfileprocs.c,v
retrieving revision 1.81.2.43
diff -u -r1.81.2.43 afsfileprocs.c
--- src/viced/afsfileprocs.c 21 Aug 2007 08:28:37 -0000 1.81.2.43
+++ src/viced/afsfileprocs.c 31 Oct 2007 19:50:44 -0000
@@ -909,7 +909,7 @@
if (CHOWN(InStatus, targetptr) || CHGRP(InStatus, targetptr)) {
if (readonlyServer)
return (VREADONLY);
- else if (VanillaUser(client))
+ else if (VanillaUser(client) && !(rights & PRSFS_USR2))
return (EPERM); /* Was EACCES */
else
osi_audit(PrivilegeEvent, 0, AUD_ID,
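
Review bot: The relaxed test on the VanillaUser(client) line sits under "CHOWN(InStatus, targetptr) || CHGRP(InStatus, targetptr)", so PRSFS_USR2 lets an unprivileged client change the group as well as the owner, while the description only covers chown. If only ownership changes are intended, test the bit only when CHOWN() is true and keep the EPERM return for CHGRP. A client that passes through PRSFS_USR2 also falls into the else branch and is recorded by osi_audit(PrivilegeEvent, ...), so ordinary chowns would be logged as privilege events; decide whether that is wanted or whether this path needs its own handling. A short comment tying PRSFS_USR2 to the 'C' ACL letter would help, since nothing in the code indicates that this previously user-defined bit now has a meaning enforced by the file server.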