Paul Eggert wrote: > "O'Connor, Russell" <[EMAIL PROTECTED]> writes: > > The file gets gzipped in the HPUX NFS case, too, but since the chown > > works and the chmod fails, everyone but the owner loses access to it, > > which is not OK. > > I suggest using the HP-UX setprivgrp command (or modifying > /etc/privgroup) so that ordinary users cannot give away their files > via chown. It's a bit more secure that way, anyway; that's why most > OSes default to doing it this way nowadays. I suspect HP-UX defaults > to the insecure behavior for historical reasons only.
Agreed. For HP-UX that is a good suggestion. In particular creating the following file will do this. It gets loaded at boot time and can be set interactively with 'sudo setprivgrp -n CHOWN'. File /etc/privgroup: -n CHOWN > If you do that, you shouldn't need to modify gzip. Also if you don't do that then there will be a lot of free software programs that won't work because today almost all assumptions are that the above is the operating mode. I stopped trying to swim upstream and converted all of my HP-UX systems years ago and have not had any issues because of it. Now it is a point of interoperability between HP-UX and GNU/Linux. Bob
