On Thu, Jul 12, 2001 at 04:18:52PM -0700, Paul Socolow wrote:
> I would like to give a user the ability to chown files in certain
> directories to other users ownership.
>
> I have configured sudo to limit the users and files that can be specified
> for this operation, but there is still one loophole that bugs me:
>
> If the user were to make a hard link to a file I don't want them to touch in
> one of the directories they can run chown in, they could then sudo and
> change the ownership of the file I was trying to protect.
yup, not trivial to fix either.
> Is there any way to keep chown from modifying files that are linked? Or can
> you prevent the creation of hard links in a directory?
i think the openwall patch has an option to forbid hard linking to
files you don't own. that would seem the only obvious solution here.
i am not certain that would solve it entirely though, how are you
restricting them to only chown files in a certain directory? does
that rule allow chown in subdirectories of that directory? if so
consider:
ln -s / /place/chown/is/allowed/foo
sudo chown /place/chown/is/allowed/foo/etc/passwd
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
