On Tue, 09 Dec 2008 23:03:38 +0100 Sven Joachim <svenjoac@gmx.de> wrote: > On 2008-12-09 22:56 +0100, Celejar wrote: > > > On Tue, 9 Dec 2008 13:53:47 -0800 (PST) > > Arc Roca <tonroca@yahoo.com> wrote: > > > >> That would be a terrible thing to happen, that any one could appropriate your files to themselves. > > > > I've been wondering about this; what would be the problem with the OS > > allowing user1 to chown his files to user2, assuming we don't allow > > this to occur with suid executables, of course. > > It would be a DoS against user2 if disk quotas are used. Before diskquotas were introduced in BSD it was possible for a user to give away his files. A chown was possible if UID of user and file matched, but setuid and setgid were cleared on the file. I read something about capabilities(7). CAP_CHMOD looks like a solution. But I don't manage to change the capabilities on my files: madroach@pundit:~% sudo getpcaps $$ Capabilities for `25117': =eip cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap-eip madroach@machine:~% sudo setcap 'cap_chown=eip' foo Failed to set capabilities on file `foo' (Operation not permitted) Do I need special filesystem support for this to work? Or whats the matter? Christopher
Attachment:
signature.asc
Description: PGP signature