[ale] chown operation not permitted

Jerry Z. Yu z.yu at ptek.com
Thu Apr 25 11:24:16 EDT 2002


	the easist would be set SUID on chown. (sudo is way better in this 
case)
	there is probably a compile time option to govern this behavior. a 
'93 post on bsd list, saying -DONLYROOT give you the standard behavior.

On Thu, 25 Apr 2002, John Wells wrote:

#While I agree that it's not the best idea, I'd just like to know if it can
#be done.
#
#Thanks,
#
#John
#
#
#---------  Original message --------
#From: Jerry Z. Yu <z.yu at ptek.com>
#To: John Wells <jb at sourceillustrated.com>
#CC: ale at ale.org
#Subject: RE: [ale] chown operation not permitted
#Date: 04-25-02 14:59
#
#> 	I don't think you want to disable it. consider the security
#risk: assume you can set SUID on files you own. you then chown to root or
#other powerful users. this way any user can give himeself more
#priviledges. Not mention identity confusion. Say someone download
#some porn to the server, chown to your uid, will you like it?
#you can always force group permission to allow sharing (if that's
#your goal. BTW, what do you try to achieve?),  or you have to, set up sudo
#to allow specific command to be issued against certain files.
#
#On Thu, 25 Apr 2002, John Wells wrote:
#
##Just got a reply from my hosting company and he stated that in RedHat
##installs, chown is disabled by default for anyone other than root.
##
##So, running RedHat myself, I gave it a try.  Sure enough...&quot;operation
#not
##permitted&quot;.
##
##Man, when was this implemented?  I could swear that it wasn't like this in
##earlier (5.x - 6.x) releases.
##
##Anyway, does anyone know how to disable this?
##
##Thanks,
##John
##
##---------  Original message --------
##From: John Wells &lt;jb at sourceillustrated.com&gt;
##To: ale at ale.org &lt;ale at ale.org&gt;
##Subject: RE: [ale] chown operation not permitted
##Date: 04-25-02 12:58
##
##&gt; No.  lsattr shows no flags:
##
##$ lsattr testattr
##-------------- testattr
##
##Anyway, I can't chattr if I wanted to...seems I don't have permissions if I
##don't have root.  Thanks for the suggestion though.
##
##Any other thoughts?  In Solaris, I know there's a config item in one the
##system scripts that will disable chown *system-wide*.  Is there anything
##like that for linux?
##
##Thanks,
##John
##
##
##
##Original message --------
##From: Christopher &amp;lt;christopher at bergeron.com&amp;gt;
##To: 'John Wells' &amp;lt;jb at sourceillustrated.com&amp;gt;
##Subject: RE: [ale] chown operation not permitted
##Date: 04-24-02 18:27
##
##&amp;gt; Have you tried using chattr to change the attributes?  It might be
#an
##immutable file. (i flag I think).
##
##-CB
##
##&amp;amp;gt; -----Original Message-----
##&amp;amp;gt; From: John Wells [mailto:jb at sourceillustrated.com]
##&amp;amp;gt; Sent: Wednesday, April 24, 2002 10:15 AM
##&amp;amp;gt; To: John C; John Wells; ale at ale.org
##&amp;amp;gt; Subject: RE: [ale] chown operation not permitted
##&amp;amp;gt;
##&amp;amp;gt; It's through a shell using ssh
##&amp;amp;gt;
##&amp;amp;gt;
##&amp;amp;gt; ---------  Original message --------
##&amp;amp;gt; From: John C &amp;amp;lt;jcouncilman at knology.net&amp;amp;gt;
##&amp;amp;gt; To: John Wells
#&amp;amp;lt;jb at sourceillustrated.com&amp;amp;gt;,
##ale at ale.org
##&amp;amp;lt;ale at ale.org&amp;amp;gt;
##&amp;amp;gt; Subject: RE: [ale] chown operation not permitted
##&amp;amp;gt; Date: 04-24-02 18:04
##&amp;amp;gt;
##&amp;amp;gt; &amp;amp;gt; Is this on FTP or through shell access?
##&amp;amp;gt;
##&amp;amp;gt; -----Original Message-----
##&amp;amp;gt; From: John Wells [mailto:jb at sourceillustrated.com]
##&amp;amp;gt; Sent: Wednesday, April 24, 2002 6:25 AM
##&amp;amp;gt; To: ale at ale.org
##&amp;amp;gt; Subject: [ale] chown operation not permitted
##&amp;amp;gt;
##&amp;amp;gt;
##&amp;amp;gt; I'm trying to change ownership of a file on my ISP's box.  I
#own
##the
##file,
##&amp;amp;gt; but when I attempt to change it I get an
#&amp;amp;amp;quot;operation
##not
##&amp;amp;gt; permitted&amp;amp;amp;quot;
##&amp;amp;gt; error.
##&amp;amp;gt;
##&amp;amp;gt; I remember in the past being able to disable non-root chowns
#on
##Solaris
##&amp;amp;gt; and
##&amp;amp;gt; I'm betting there's a way to set this under Linux.  For the
#life of
##me, I
##&amp;amp;gt; can't remember how.
##&amp;amp;gt;
##&amp;amp;gt; Can anyone point me in the right direction for info about
#this?
##&amp;amp;gt;
##&amp;amp;gt; Thanks,
##&amp;amp;gt; John
##&amp;amp;gt;
##&amp;amp;gt;
##&amp;amp;gt; ---
##&amp;amp;gt; This message has been sent through the ALE general discussion
#list.
##&amp;amp;gt; See http://www.ale.org/mailing-lists.shtml for more info.
#Problems
##should
##&amp;amp;gt; be
##&amp;amp;gt; sent to listmaster at ale dot org.
##&amp;amp;gt;
##&amp;amp;gt;
##&amp;amp;gt; ---
##&amp;amp;gt; This message has been sent through the ALE general discussion
#list.
##&amp;amp;gt; See http://www.ale.org/mailing-lists.shtml for more info.
#Problems
##should
##&amp;amp;gt; be
##&amp;amp;gt; sent to listmaster at ale dot org.
##
##
##---
##This message has been sent through the ALE general discussion list.
##See http://www.ale.org/mailing-lists.shtml for more info. Problems should
#be
##sent to listmaster at ale dot org.
##
##
##---
##This message has been sent through the ALE general discussion list.
##See http://www.ale.org/mailing-lists.shtml for more info. Problems should
#be
##sent to listmaster at ale dot org.
##
#
#Jerry Z. Yu					+1-404-262-8544 (O)
#systems engineer				z.yu at voicecom.com
#is support, voicecom, llc			www.voicecom.com
#
#
#---
#This message has been sent through the ALE general discussion list.
#See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
#sent to listmaster at ale dot org.
#

Jerry Z. Yu					+1-404-262-8544 (O)
systems engineer				z.yu at voicecom.com
is support, voicecom, llc			www.voicecom.com


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list