![]() So, even if you use tar's -same-owner flag, you will still need to extract the files as root to preserve ownership. Nonetheless, allowing Alice to create a file withĪrbitrary content and have it taken as input from Bill can only make Instructions, he might not have intended to execute them at this This is usually not a secure design, becauseĮven if Bill created a file containing syntactically correct Some programs require that their input file belongs to a particular user in order to authenticate a request (for example, theįile contains some instructions that the program will perform onīehalf of that user).This can be a problem if the file contains If Alice gives away a file to Bill, there is no trace that Bill didn't create that file.Then count under Bill's disk quota even though only Alice can use the ![]() One else could access that world-writable directory), and then runĬhown to make that file owned by another user Bill. If a system has disk quotas enabled, Alice could create a world-writable file under a directory accessible only by her (so no.User can allow bad things to happen in uncommon, but still important The reason for this restriction is that giving away a file to another The rationale behind this has been nicely explained by in this Unix & Linux answer: If _POSIX_CHOWN_RESTRICTED is in effect for path:Ĭhanging the user ID is restricted to processes with appropriate privileges.Ĭhanging the group ID is permitted to a process with an effective user ID equal to the user ID of the file, but without appropriate privileges, if and only if owner is equal to the file's user ID or ( uid_t)-1 and group is equal either to the calling process' effective group ID or to one of its supplementary group IDs. Only processes with an effective user ID equal to the user ID of the file or with appropriate privileges may change the ownership of a file. ![]() On *nix systems, regular users can't change file ownership to a user who is not themselves. Ownership and permissions are two different things.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |