[ale] Allow non-root user to chown file to other user?

Michael H. Warfield mhw at WittsEnd.com
Fri Nov 16 10:25:52 EST 2007


On Fri, 2007-11-16 at 08:47 -0500, Jeff Lightner wrote:
> As clearly detailed below the question is very specifically NOT a
> capabilities question - I noted that I had gone down that path to
> forestall further comment on it.

> The "real" problem I'm trying to solve is I have "Administrative"
> accounts that I prohibit direct logins on.  (Require use of sudo su -
> <account> by real users.)  On occasion users have a need to transfer in
> a file as this admin account but then give ownership to someone else.

	I solve these sorts of problems using supplemental groups.  If the
target user is a member of the group, he can read the file and copy it
and own the copy.  That's the safe way to do it.

> However, I really don't see that "purpose" makes my original question
> vague.  As I've noted in other emails I can think of ways to use sudo to
> do this but was hoping that there was a config utility that allows it.

	The reason it was vague is that you were asking how to perform a
particular action without telling us what you were really trying to
accomplish.  "How do I use this hammer to drive a screw" is asking how
to perform an action.  "What do I need to screw together this cabinet"
is asking how to accomplish a goal.

	Mike

> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> Derek Carter
> Sent: Thursday, November 15, 2007 3:15 PM
> To: Atlanta Linux Enthusiasts
> Subject: Re: [ale] Allow non-root user to chown file to other user?
> 
> Jeff Lightner wrote:
> > OK the responses so far did what I was asking not to do - that is they
> > are either telling me how to engineer a solution around it or they are
> > saying it is a bad idea.
> > 
> > Also one post mentioned "capabilities" which I had broached in my
> > original post.  My read of that is it is something set for programs or
> > at kernel level not something that is enabled for users.   If the chown
> > capability is not on in the kernel then even root couldn't do chown.
> > It doesn't seem to really relate to my question - I had gone down that
> > path before posting.
> > 
> > Again I am asking if there is a way to allow non-root users to simply
> > use the "real" chown command directly.  It just doesn't seem to me that
> > this shouldn't be something that is configurable somehow especially
> > given that it is configurable on at least two UNIX variants I'm familiar
> > with.
> 
> Is this just a capabilities question, or are you trying to solve a real 
> problem?  If you are trying to solve a real problem, let us know what it
> is, we may be able to help you find another avenue to fix it?
> 
> --
> Derek aka goozbach
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
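
The supplemental-group handoff described in the reply above, as an added example that is not part of the original message. The function names, the drop directory layout and the use of GNU `stat` are assumptions; the admin account and the target user must both be members of the group passed in.

```shell
#!/bin/sh
# Added example: hand a file off through a shared supplemental group
# instead of chown. Function names and directory layout are assumptions.

# Admin-account side: publish FILE into DROPDIR so only GROUP can read it.
# No root needed: a user may chgrp their own files to a group they are in.
stage_for_group() {
    file=$1 dropdir=$2 group=$3
    mkdir -p "$dropdir" || return 1
    chgrp "$group" "$dropdir" || return 1
    chmod 2750 "$dropdir" || return 1   # setgid dir: new files inherit GROUP
    staged="$dropdir/$(basename "$file")"
    cp "$file" "$staged" || return 1
    chgrp "$group" "$staged" || return 1
    chmod 0640 "$staged"                # owner rw, group r, others nothing
}

# Target-user side: copy the staged file. The copy is a new inode created
# by the caller, so the caller owns it and no chown privilege is involved.
claim_copy() {
    src=$1 dst=$2
    if [ ! -r "$src" ]; then
        echo "cannot read $src (is this user in the file's group?)" >&2
        return 1
    fi
    cp "$src" "$dst" || return 1
    chmod 0600 "$dst" || return 1
    # Succeed only if the copy really is owned by the calling user.
    [ "$(stat -c %u "$dst")" = "$(id -u)" ]
}
```

The admin account still owns the staged original, so it can remove it from the drop directory once the target user has taken a copy.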
