At 994972732s since epoch (07/12/01 19:18:52 -0400 UTC), Paul Socolow wrote: > I would like to give a user the ability to chown files in certain > directories to other users ownership.
As per earlier discussions about sudo, it's very difficult to give 'limited' sudo access. Even if you fix the hard-linking problem, consider the following fun that a user with sudo chown access could have: # cp /usr/bin/less ./ # chmod a+s ./less # sudo chown root.root ./less # ls -l less -rwsr-sr-x 1 root root 79516 Jul 12 20:11 less (uh-oh) # ./less /etc/shadow root:$gfv49$Q923JVbmn.932cj9%bogus:11481:0:99999:7::: daemon:*:11405:0:99999:7::: ... DOH! I'm sure you can use your imagination for other fun programs to SUID... =) chmod/chown are extremely dangerous binaries to give root privs on, as they essentially give you the ability to setuid anything to root. That said, most binaries can be dangerous when given root privs (bash, cat, echo, rm, cp, mv, tar). Be very, very careful. Jason -- Jason Healy | [EMAIL PROTECTED] LogN Systems | http://www.logn.net/
