non-superuser chown(2)s considered harmful

Chuck Karish karish at mindcraft.com
Mon Dec 10 17:16:18 AEST 1990


In article <18796 at rpp386.cactus.org> jfh at rpp386.cactus.org
(John F Haugh II) writes:
>However, in a co-operative environment (such as commercial installations)
>there is quite a bit of file-sharing going on in a very ad hoc fashion.

That's why Berkeley systems support supplementary groups.  File sharing
is supported in a manageable fashion.

>Users should not be forced to contact an administrator, or perform file
>access mode mumbo-jumbo to give a file away.

This surprises me a little.  I'd thought that the most militant
computer freedom zealots were BSD types.

Anyway, changing a file's ownership isn't necessary for sharing.
Changing its ownership handicaps the previous owner's access just
as it enhances the new owner's access.  Group access is the
right way to share files.  This is implemented in a reasonable
way in BSD systems, but the POSIX.1/FIPS 151-1 translation is
flawed, as I've pointed out here before.

>Why FIPS went with chown() being restricted is a mystery ...

Hint: FIPS 151-1 also requires that NGROUPS_MAX be non-zero.
-- 

	Chuck Karish		karish at mindcraft.com
	Mindcraft, Inc.		(415) 323-9000		


