Re: [CentOS] can non-owner change file group setup?

2009-05-15 Thread NiftyCluster Tom Mitchell
2009/5/12 mcclnx mcc mcc...@yahoo.com.tw:

 We are trying to count how many files belong to a certain group. Our system 
 administrator told us a non-owner can easily change the file group name to another. 
  I have tried several combinations and was never successful (only ROOT can 
 change the file group to another name).

 Does anyone know how a non-owner can change the file group name?

In general this is disallowed!

The reason is that in a system with quotas the common abuse tactic
was to give files away to someone else yet hide them down inside
your own directory.  By giving files away you might never go over quota.
Worse, the poor other guy cannot find out why he is over quota.
Some things may be possible with very open directory permissions.

If directory permissions are wide open (777) it is possible to take
ownership of a file indirectly by making a copy then deleting the
original.  This is not possible on dirs where the T bit is set.
$ ls -ld /tmp
drwxrwxrwt 39 root root 4096 2009-05-15 21:48 /tmp

Also if you are in a multi group situation you can move files between
groups that you are a member of.  This multi group case makes sense
from the accounting point of view.



-- 
NiftyCluster
T o m   M i t c h e l l
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread William L. Maltby

On Tue, 2009-05-12 at 17:50 -0500, Robert Nichols wrote:
 nate wrote:
  Scott Silva wrote:
  
  But if you only have read access to the original file, can you overwrite 
  it?
  
  If you have write access to the directory yes you should be able
  to, if you only have read access to the directory I would expect
  not.
 
 Technically, that's not overwriting.  That's removing the original and
 replacing it with another file with the same name.  That difference
 would be significant if there were other hard links to the original
 file.

Yes. When moving the new file to the old, you are really doing an unlink
and link sequence. With write permission in the directory, this is
valid. You are controlled by the directory's user/group and permissions,
not the target file's.

-- 
Bill



Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread mcclnx mcc

we plan to count how many files belong to that group.  For example HR or 
Finance.



--- On 09/5/12 (Tue), Filipe Brandenburger filbran...@gmail.com wrote:

 From: Filipe Brandenburger filbran...@gmail.com
 Subject: Re: [CentOS] can non-owner change file group setup?
 To: CentOS mailing list centos@centos.org
 Date: May 12, 2009, Tue, 3:13 PM
 2009/5/12 mcclnx mcc mcc...@yahoo.com.tw:
  Does anyone know how a non-owner can change the file group name?
 
 I believe that is not possible.
 
 What exactly are you trying to accomplish?
 
 Filipe


Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread mcclnx mcc

I don't think that is true:  (my login ID is a member of the DBA and OINSTALL groups)

$ ls -al
total 13936
drwxrwxrwt   8 root   root    4096 May 13 04:02 .
drwxr-xr-x  32 root   root    4096 Feb 11 15:36 ..
-rwxrwxr--   1 oracle dba        9 May 11 20:50 aabb

$ chgrp oinstall aabb
chgrp: changing group of `aabb': Operation not permitted



--- On 09/5/12 (Tue), nate cen...@linuxpowered.net wrote:

 From: nate cen...@linuxpowered.net
 Subject: Re: [CentOS] can non-owner change file group setup?
 To: centos@centos.org
 Date: May 12, 2009, Tue, 5:49 PM
 Scott Silva wrote:
 
  But if you only have read access to the original file, can you overwrite it?
 
 If you have write access to the directory yes you should be able
 to, if you only have read access to the directory I would expect
 not.
 
 nate
 


Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread mcclnx mcc

I don't think that is true:  (my login ID is a member of the DBA and OINSTALL groups)

$ ls -al
total 13936
drwxrwxrwt   8 root   root    4096 May 13 04:02 .
drwxr-xr-x  32 root   root    4096 Feb 11 15:36 ..
-rwxrwxr--   1 oracle dba        9 May 11 20:50 aabb

$ chgrp oinstall aabb
chgrp: changing group of `aabb': Operation not permitted


--- On 09/5/12 (Tue), Les Mikesell lesmikes...@gmail.com wrote:

 From: Les Mikesell lesmikes...@gmail.com
 Subject: Re: [CentOS] can non-owner change file group setup?
 To: CentOS mailing list centos@centos.org
 Date: May 12, 2009, Tue, 3:38 PM
 nate wrote:
  mcclnx mcc wrote:
  We are trying to count how many files belong to a certain group. Our system
  administrator told us a non-owner can easily change the file group name to
  another.  I have tried several combinations and was never successful (only
  ROOT can change the file group to another name).
 
  Does anyone know how a non-owner can change the file group name?
  
  If the non-owner user has write access to the file they could
  copy the file to a new file name (thus getting ownership of the
  file), and overwriting the original file with the new file.
 
 You need write access in the directory, but only read access to the 
 original file to do this.
 
 -- 
    Les Mikesell
     lesmikes...@gmail.com


Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread John R Pierce
mcclnx mcc wrote:
 we plan to count how many files belong to that group.  For example HR or 
 Finance.
   

not sure why you need to change the file's group to do this.

for g in hr finance; do
    # count regular files under the current directory that belong to group $g
    echo "$(find . -type f -group "$g" | wc -l) files in group $g"
done




Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread John R Pierce
nate wrote:
 Scott Silva wrote:

   
 But if you only have read access to the original file, can you overwrite it?
 

 If you have write access to the directory yes you should be able
 to, if you only have read access to the directory I would expect
 not.
   

nope.

[pie...@ test]$ grep pierce /etc/group
postgres:x:26:pierce
pierce:x:503:
[pie...@ test]$ touch x
[pie...@  test]$ ls -la
total 8
drwxrwxr-x  2 pierce pierce 4096 May 13 07:58 .
drwxr-xr-x 37 pierce root   4096 May 13 07:57 ..
-rw-rw-r--  1 pierce pierce    0 May 13 07:58 x
[pie...@ test]$ chgrp postgres x
chgrp: changing group of `x': Operation not permitted




Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread Les Mikesell
mcclnx mcc wrote:
 I don't think that is true:  (my login ID is a member of the DBA and OINSTALL 
 groups)
 
 $ ls -al
 total 13936
 drwxrwxrwt   8 root   root    4096 May 13 04:02 .
 drwxr-xr-x  32 root   root    4096 Feb 11 15:36 ..
 -rwxrwxr--   1 oracle dba        9 May 11 20:50 aabb
 
 $ chgrp oinstall aabb
 chgrp: changing group of `aabb': Operation not permitted

Correct - you can't change the existing file.  However, you can replace 
it if you have write access in the containing directory:
cp aabb aabb.tmp
chgrp oinstall aabb.tmp
mv aabb.tmp aabb

You'll change the owner and break any other hard links as a side effect too.

-- 
   Les Mikesell
lesmikes...@gmail.com
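
The replacement described in the message above, reproduced in a throwaway directory as an added example (not part of the original post): it shows that the name ends up on a new inode while any other hard link keeps the original. File names are constructed, and the chgrp step is left out so the script runs for a user with a single group.

```bash
#!/bin/bash
# Added example: what "cp; mv" over an existing name actually changes.
# Runs in a fresh temp directory; file names are constructed for the demo.

replace_report() {
    local dir old_ino new_ino link_ino
    dir=$(mktemp -d) || return 1

    printf 'original\n' > "$dir/aabb"
    ln "$dir/aabb" "$dir/aabb.link"        # second hard link to the same inode
    chmod 444 "$dir/aabb"                  # read-only: the file itself is never written
    old_ino=$(stat -c %i "$dir/aabb")

    cp "$dir/aabb" "$dir/aabb.tmp"         # new inode, owned by whoever ran cp
    chmod 644 "$dir/aabb.tmp"
    printf 'replaced\n' > "$dir/aabb.tmp"  # make the copy distinguishable
    mv -f "$dir/aabb.tmp" "$dir/aabb"      # rename: needs directory write, not file write

    new_ino=$(stat -c %i "$dir/aabb")
    link_ino=$(stat -c %i "$dir/aabb.link")

    if [ "$new_ino" != "$old_ino" ]; then echo "name_inode=changed"; else echo "name_inode=same"; fi
    if [ "$link_ino" = "$old_ino" ]; then echo "other_link=original_inode"; else echo "other_link=moved"; fi
    echo "other_link_content=$(cat "$dir/aabb.link")"
    echo "other_link_count=$(stat -c %h "$dir/aabb.link")"   # was 2 before the rename

    rm -rf "$dir"
}

replace_report
```

An integrity baseline that records inode numbers alongside owner, group and content notices this kind of replacement even when the name and mode look unchanged.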


Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread Filipe Brandenburger
Hi,

On Wed, May 13, 2009 at 11:01, John R Pierce pie...@hogranch.com wrote:
 nope.

 [pie...@ test]$ grep pierce /etc/group
 postgres:x:26:pierce
 pierce:x:503:
 [pie...@ test]$ touch x
 [pie...@  test]$ ls -la
 total 8
 drwxrwxr-x  2 pierce pierce 4096 May 13 07:58 .
 drwxr-xr-x 37 pierce root   4096 May 13 07:57 ..
 -rw-rw-r--  1 pierce pierce    0 May 13 07:58 x
 [pie...@ test]$ chgrp postgres x
 chgrp: changing group of `x': Operation not permitted

It would work if user pierce belonged to group postgres.

But it only works if you are the owner of the file. If you belong to
the group the file belongs to, it does not work.

I would say the best way to handle group ownership in Linux (and Unix)
is to make sure files are originally created with the correct groups
(possibly by using setgid directories).

HTH,
Filipe
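
The setgid-directory approach suggested above, as an added example that is not part of the original message: files and subdirectories created inside the directory take its group, so per-group counts stay accurate without anyone running chgrp. The directory and file names are constructed.

```bash
#!/bin/bash
# Added example: a setgid directory gives new files its own group.
# Directory and file names are constructed; runs in a fresh temp directory.

setgid_report() {
    local dir gid shared
    dir=$(mktemp -d) || return 1
    shared="$dir/finance"
    mkdir "$shared"

    # If the caller has a supplementary group, hand the directory to it so the
    # inherited group visibly differs from the caller's primary group.
    for gid in $(id -G); do
        if [ "$gid" != "$(id -g)" ] && chgrp "$gid" "$shared" 2>/dev/null; then
            break
        fi
    done
    chmod 2775 "$shared"                   # leading 2 = setgid bit

    touch "$shared/report.txt"
    mkdir "$shared/q2"                     # subdirectories inherit the setgid bit on Linux
    touch "$shared/q2/ledger.txt"

    gid=$(stat -c %g "$shared")
    echo "dir_gid=$gid"
    echo "file_gid=$(stat -c %g "$shared/report.txt")"
    echo "nested_file_gid=$(stat -c %g "$shared/q2/ledger.txt")"
    if [ -g "$shared/q2" ]; then echo "subdir_setgid=yes"; else echo "subdir_setgid=no"; fi
    # Count regular files carrying the directory's numeric group id
    echo "files_in_group=$(find "$shared" -type f -gid "$gid" | wc -l)"

    rm -rf "$dir"
}

setgid_report
```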


Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread Blackburn, Marvin
When we migrated from HPUX to Redhat we noticed this.  I opened a case
and we determined that you could not do this with the standard chgrp or
chown commands if you are not root.  The reason I was given is to keep
people from getting around the disk quota stuff.

A listing in one of the redhat forums stated that there was an option in
one of the .h files that determined if this was allowed.  You had to
recompile your kernel to get this to work.  

We did some workarounds with sudo to get the necessary functionality.

_
He's no failure. He's not dead yet.
William Lloyd George
-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Robert Nichols
Sent: Tuesday, May 12, 2009 6:51 PM
To: centos@centos.org
Subject: Re: [CentOS] can non-owner change file group setup?

nate wrote:
 Scott Silva wrote:
 
 But if you only have read access to the original file, can you
overwrite it?
 
 If you have write access to the directory yes you should be able
 to, if you only have read access to the directory I would expect
 not.

Technically, that's not overwriting.  That's removing the original and
replacing it with another file with the same name.  That difference
would be significant if there were other hard links to the original
file.

-- 
Bob Nichols NOSPAM is really part of my email address.
 Do NOT delete it.



Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread John R Pierce
Filipe Brandenburger wrote:
 Hi,

 On Wed, May 13, 2009 at 11:01, John R Pierce pie...@hogranch.com wrote:
   
 nope.

 [pie...@ test]$ grep pierce /etc/group
 postgres:x:26:pierce
 pierce:x:503:
 [pie...@ test]$ touch x
 [pie...@  test]$ ls -la
 total 8
 drwxrwxr-x  2 pierce pierce 4096 May 13 07:58 .
 drwxr-xr-x 37 pierce root   4096 May 13 07:57 ..
 -rw-rw-r--  1 pierce pierce    0 May 13 07:58 x
 [pie...@ test]$ chgrp postgres x
 chgrp: changing group of `x': Operation not permitted
 

 It would work if user pierce belonged to group postgres.
   

Um, I do, I showed that up there.

 But it only works if you are the owner of the file. If you belong to
 the group the file belongs to, it does not work.

   

I was both owner of file AND member of both from and to groups, AND had 
write access to the directory.  still doesn't allow it.   CentOS 5.3, btw.

 I would say the best way to handle group ownership in Linux (and Unix)
 is to make sure files are originally created with the correct groups
 (possibly by using setgid directories).
   

I concur.




Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread Filipe Brandenburger
On Wed, May 13, 2009 at 11:18, John R Pierce pie...@hogranch.com wrote:
 Filipe Brandenburger wrote:
 [pie...@ test]$ grep pierce /etc/group
 postgres:x:26:pierce
 pierce:x:503:

 It would work if user pierce belonged to group postgres.

 Um, I do, I showed that up there.

 I was both owner of file AND member of both from and to groups, AND had
 write access to the directory.  still doesn't allow it.   CentOS 5.3, btw.

Did you just add yourself to that group? The processes you run will
not know you are a member of that group until you logout and login
again (open new SSH session, etc.).

When you issue the id command (with no parameters), does it include
the postgres group?

HTH,
Filipe
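
The check described above (groups held by the running session versus groups listed in the account database), as an added example that is not part of the original message. The function names are illustrative, and the sample gids are constructed from the values shown in the thread (postgres=26, pierce=503).

```bash
#!/bin/bash
# Added example: compare the groups the running shell holds with the groups the
# account database lists for the same user. Function names are illustrative.

# Print every gid from list $1 that is absent from list $2 (space-separated).
gids_missing_from() {
    local gid other found out=""
    for gid in $1; do
        found=no
        for other in $2; do
            if [ "$gid" = "$other" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then out="$out $gid"; fi
    done
    echo "${out# }"
}

group_drift() {
    local session database
    session=$(id -G)                 # credentials this process was started with
    database=$(id -G "$(id -un)")    # fresh lookup in the group database
    echo "pending (log in again to gain): $(gids_missing_from "$database" "$session")"
    echo "lingering (held until the session ends): $(gids_missing_from "$session" "$database")"
}

# Constructed from the thread: the database lists pierce in postgres (26), but
# the login shell predates that change and still holds only gid 503.
echo "pending in the thread's case: $(gids_missing_from "26 503" "503")"

# Pass --live to compare the current session against the real database.
if [ "${1:-}" = "--live" ]; then group_drift; fi
```

The same drift applies in the other direction: a session started before a user was removed from a group keeps that group until it ends.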


Re: [CentOS] can non-owner change file group setup?

2009-05-13 Thread John R Pierce
Filipe Brandenburger wrote:
 Did you just add yourself to that group? The processes you run will
 not know you are a member of that group until you logout and login
 again (open new SSH session, etc.).

 When you issue the id command (with no parameters), does it include
 the postgres group?
   

ah, yes, I had just added that in another root shell.  you're right, I 
logged out and back in and yes, it -does- work...

[pie...@ test]$ id
uid=503(pierce) gid=503(pierce) groups=26(postgres),503(pierce)
[pie...@ test]$ ls -la
total 8
drwxrwxr-x  2 pierce pierce 4096 May 13 07:58 .
drwxr-xr-x 37 pierce root   4096 May 13 07:57 ..
-rw-rw-r--  1 pierce pierce    0 May 13 07:58 x
[pie...@ test]$ chgrp postgres x
[pie...@ test]$ ls -la
total 8
drwxrwxr-x  2 pierce pierce   4096 May 13 07:58 .
drwxr-xr-x 37 pierce root 4096 May 13 07:57 ..
-rw-rw-r--  1 pierce postgres    0 May 13 07:58 x




[CentOS] can non-owner change file group setup?

2009-05-12 Thread mcclnx mcc

We are trying to count how many files belong to a certain group. Our system 
administrator told us a non-owner can easily change the file group name to another.  
I have tried several combinations and was never successful (only ROOT can 
change the file group to another name).

Does anyone know how a non-owner can change the file group name?

Thanks.  


  


Re: [CentOS] can non-owner change file group setup?

2009-05-12 Thread Filipe Brandenburger
2009/5/12 mcclnx mcc mcc...@yahoo.com.tw:
 Does anyone know how a non-owner can change the file group name?

I believe that is not possible.

What exactly are you trying to accomplish?

Filipe


Re: [CentOS] can non-owner change file group setup?

2009-05-12 Thread nate
mcclnx mcc wrote:

 We are trying to count how many files belong to a certain group. Our system
 administrator told us a non-owner can easily change the file group name to
 another.  I have tried several combinations and was never successful (only
 ROOT can change the file group to another name).

 Does anyone know how a non-owner can change the file group name?

If the non-owner user has write access to the file they could
copy the file to a new file name (thus getting ownership of the
file), and overwriting the original file with the new file.

e.g.

[na...@us-cfe002:~]$ ls -l hosts
-rw-r--r--  1 root root 50 May 12 12:17 hosts
[na...@us-cfe002:~]$ cp hosts hosts_new
[na...@us-cfe002:~]$ ls -l hosts_new
-rw-r--r--  1 natea natea 50 May 12 12:18 hosts_new
[na...@us-cfe002:~]$ mv hosts_new hosts
mv: overwrite `hosts', overriding mode 0644? y
[na...@us-cfe002:~]$ ls -l hosts
-rw-r--r--  1 natea natea 50 May 12 12:18 hosts
[na...@us-cfe002:~]$

nate




Re: [CentOS] can non-owner change file group setup?

2009-05-12 Thread Les Mikesell
nate wrote:
 mcclnx mcc wrote:
 We are trying to count how many files belong to a certain group. Our system
 administrator told us a non-owner can easily change the file group name to
 another.  I have tried several combinations and was never successful (only
 ROOT can change the file group to another name).

 Does anyone know how a non-owner can change the file group name?
 
 If the non-owner user has write access to the file they could
 copy the file to a new file name (thus getting ownership of the
 file), and overwriting the original file with the new file.

You need write access in the directory, but only read access to the 
original file to do this.

-- 
   Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] can non-owner change file group setup?

2009-05-12 Thread Scott Silva
on 5-12-2009 12:38 PM Les Mikesell spake the following:
 nate wrote:
 mcclnx mcc wrote:
 We are trying to count how many files belong to a certain group. Our system
 administrator told us a non-owner can easily change the file group name to
 another.  I have tried several combinations and was never successful (only
 ROOT can change the file group to another name).

 Does anyone know how a non-owner can change the file group name?
 If the non-owner user has write access to the file they could
 copy the file to a new file name (thus getting ownership of the
 file), and overwriting the original file with the new file.
 
 You need write access in the directory, but only read access to the 
 original file to do this.
 
But if you only have read access to the original file, can you overwrite it?






Re: [CentOS] can non-owner change file group setup?

2009-05-12 Thread nate
Scott Silva wrote:

 But if you only have read access to the original file, can you overwrite it?

If you have write access to the directory yes you should be able
to, if you only have read access to the directory I would expect
not.

nate



Re: [CentOS] can non-owner change file group setup?

2009-05-12 Thread Robert Nichols
nate wrote:
 Scott Silva wrote:
 
 But if you only have read access to the original file, can you overwrite it?
 
 If you have write access to the directory yes you should be able
 to, if you only have read access to the directory I would expect
 not.

Technically, that's not overwriting.  That's removing the original and
replacing it with another file with the same name.  That difference
would be significant if there were other hard links to the original
file.

-- 
Bob Nichols NOSPAM is really part of my email address.
 Do NOT delete it.
