Chown: not owner



  • I've been having a problem all morning trying to chown my files.  I get the error

    chown: <filename>: Not owner

    Then I found this article 

    http://www.itworld.com/Comp/3380/nls_unixchown040923/pfindex.html 

    So apparently I can't chown my own files anymore?  Does this seem right to you?  I understand the security implications, but it seems like there has to be a better solution than just turning off chown for non-superusers.

    For clarification, after testing, I discovered that I can change the group of all my files, but not the user.   



  • That makes sense, you could (if you have root perms) make a setuid shell script that removes this restriction (as root obviously isn't hindered by this).



  • @Lingerance said:

    That makes sense, you could (if you have root perms) make a setuid shell script that removes this restriction (as root obviously isn't hindered by this).

    Most "decent" Unices (Unixes?) will automatically strip suid/sgid bits from a shell script anyway. There's a horrible race condition with them, where it's possible to replace the shell script between the time the script's invoked on the command line and the appropriate interpreter is fired up.

    Standard workaround is to have a suid/sgid binary program (a few lines in C) that invokes the shell script on your behalf. 'course, then you could be vulnerable to IFS holes and all that other goodness unless you're very careful.
     



  • @belgariontheking said:

    I've been having a problem all morning trying to chown my files.  I get the error

    chown: <filename>: Not owner

    Then I found this article 

    http://www.itworld.com/Comp/3380/nls_unixchown040923/pfindex.html 

    So apparently I can't chown my own files anymore?  Does this seem right to you?  I understand the security implications, but it seems like there has to be a better solution than just turning off chown for non-superusers.

    For clarification, after testing, I discovered that I can change the group of all my files, but not the user.   

    The article has the wrong reason. Permitting non-root chown would permit quota-bombing (where you create files up to the size of the user quota and then give them to somebody else, so that their quota is full but they can't find the files to delete them because they're in your home directory), so it hasn't been allowed pretty much as long as I can remember.

    If you want to give a file to another user, use your mail client (mutt belgariontheking -a goo.tar.gz -s "Here's your goo", and hit enter a couple of times). Your one does have a command-line interface for sending files, right? This is part of why every unix host has a local mail spool.



  • Thanks.  That makes more sense. 

    The real reason I wanted to give the files away is to give them to myself.  They were created by Informatica and thus have the Informatica user owning the file.  I want to own the files because they are really my files.  I created an Informatica job to give myself back the files (because it runs as the Informatica user), but it failed because of the chown issue.  This is a server that has over 1000 different functional logins, so who knows how many users.  I don't want just any user to manipulate my files (WTF = unless they create an Informatica job too). 

    So really it was more of an admin thing than wanting someone else to have my files.

    I guess I could delete them, then recreate them myself?  That way, I would be owner, and could put the Informatica user in my group.  In this server, quotas are managed by partition/mount, rather than by user.  Can I add users to my group willy-nilly or do I need root to do it for me?

    Hope that makes sense. 



  • @belgariontheking said:

    The real reason I wanted to give the files away is to give them to myself.  They were created by Informatica and thus have the Informatica user owning the file.  I want to own the files because they are really my files.  I created an Informatica job to give myself back the files (because it runs as the Informatica user), but it failed because of the chown issue.  This is a server that has over 1000 different functional logins, so who knows how many users.  I don't want just any user to manipulate my files (WTF = unless they create an Informatica job too).

    Sounds like you really just want to give yourself access to those files. Does this server support posix ACLs? (Solaris does, Linux does when you install the relevant tool and make a minor adjustment to fstab, I don't know about the others offhand) That's the easiest solution: make a directory that's d:u:you:rwx and u:informatica:rwx and have it stuff its files in there. Otherwise you need to play with groups and the directory setgid bit.

    Can I add users to my group willy-nilly or do I need root to do it for me?

    Site-specific, but it's unusual for anybody other than root to be able to do it. Posix ACLs can be edited by the same set of people who can use chmod.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.