On Thu, Jul 12, 2001 at 04:18:52PM -0700, Paul Socolow wrote:
> I would like to give a user the ability to chown files in certain
> directories to other users' ownership.
>
> I have configured sudo to limit the users and files that can be specified
> for this operation, but there is still one loophole that bugs me:
>
> If the user were to make a hard link to a file I don't want them to touch in
> one of the directories they can run chown in, they could then sudo and
> change the ownership of the file I was trying to protect.

yup, not trivial to fix either.

> Is there any way to keep chown from modifying files that are linked? Or can
> you prevent the creation of hard links in a directory?

i think the openwall patch has an option to forbid hard linking to
files you don't own. that would seem the only obvious solution here.

i am not certain that would solve it entirely though, how are you
restricting them to only chown files in a certain directory? does
that rule allow chown in subdirectories of that directory? if so
consider:

    ln -s / /place/chown/is/allowed/foo
    sudo chown /place/chown/is/allowed/foo/etc/passwd

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
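One way to guard against both loopholes raised in this thread, as an added example that is not part of the original messages: a hypothetical wrapper that sudo would permit in place of chown itself. The names `open_checked`, `safe_chown` and `Refused` are assumptions; the wrapper walks the path one component at a time without following symlinks, refuses files that have extra hard links, and changes ownership through the open descriptor so the checked inode is the one modified.

```python
import os
import stat

class Refused(Exception):
    """Raised when the target fails a safety check."""

def open_checked(base, relpath):
    """Open relpath beneath base and return a file descriptor.

    Refuses '..', any symlinked component, non-regular files, and
    files whose link count is not exactly 1 (hypothetical helper).
    """
    parts = [p for p in relpath.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise Refused("bad path")
    fd = os.open(base, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for i, name in enumerate(parts):
            last = i == len(parts) - 1
            # O_NOFOLLOW makes open() fail if this component is a symlink,
            # which stops the 'ln -s / .../foo' trick at 'foo'.
            flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
            if not last:
                flags |= os.O_DIRECTORY
            try:
                nxt = os.open(name, flags, dir_fd=fd)
            except OSError as e:
                raise Refused(f"{name}: {e.strerror}") from e
            os.close(fd)
            fd = nxt
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise Refused("not a regular file")
        # A file hard-linked in from elsewhere has at least two names.
        if st.st_nlink != 1:
            raise Refused("file has extra hard links")
        return fd
    except BaseException:
        os.close(fd)
        raise

def safe_chown(base, relpath, uid, gid):
    """chown relpath under base via its descriptor, after the checks above."""
    fd = open_checked(base, relpath)
    try:
        os.fchown(fd, uid, gid)  # acts on the inode that was checked
    finally:
        os.close(fd)
```

The link-count check also refuses legitimate files that happen to have more than one name, so it suits directories where hard links are not expected.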