non-superuser chown(2)s considered harmful
John F Carr
jfc at athena.mit.edu
Sat Dec 8 23:48:41 AEST 1990
BSD 4.3 does not enforce quota if the quota limit for a userid is zero (for
example, if quota has not been set for a user). This means if you don't set
a quota for every possible userid and non-superuser chown()s are allowed, a
user can give away files to a userid without quota to get unlimited storage.
We've made several changes to the quota system here; one of them is to
optionally disallow storage of files by any user who has not explicitly been
given a quota.
--
John Carr (jfc at athena.mit.edu)
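
Added example, not part of the original post and not BSD 4.3 source: a user-space C model of the two policies described above, moving a file's block charge to the new owner on chown. The struct, the function names and the uid and block values are constructed for illustration.

```c
/* Added illustration: user-space model, not BSD 4.3 kernel source. */
#include <stdbool.h>
#include <stdio.h>

struct dquot {              /* hypothetical per-uid quota record */
    unsigned uid;
    unsigned long limit;    /* block limit; 0 means no quota was set */
    unsigned long used;     /* blocks currently charged to this uid */
};

enum policy { ZERO_IS_UNLIMITED, REQUIRE_EXPLICIT_QUOTA };

/* May `blocks` more blocks be charged to q under policy p? */
static bool quota_allows(const struct dquot *q, unsigned long blocks, enum policy p)
{
    if (q->limit == 0)
        return p == ZERO_IS_UNLIMITED;   /* the case the post is about */
    return q->used <= q->limit && blocks <= q->limit - q->used;
}

/* Model of chown: move a file's block charge from one uid to another. */
static bool chown_charge(struct dquot *from, struct dquot *to,
                         unsigned long blocks, enum policy p)
{
    if (blocks > from->used || !quota_allows(to, blocks, p))
        return false;
    from->used -= blocks;
    to->used += blocks;
    return true;
}

int main(void)
{
    static const char *names[] = { "zero limit = unlimited", "explicit quota required" };
    for (int p = ZERO_IS_UNLIMITED; p <= REQUIRE_EXPLICIT_QUOTA; p++) {
        struct dquot giver = { 1001, 1000, 900 };  /* constructed values */
        struct dquot unset = { 2002, 0, 0 };       /* uid with no quota set */
        bool ok = chown_charge(&giver, &unset, 800, (enum policy)p);
        printf("%-24s chown %s; giver charged %lu of %lu\n", names[p],
               ok ? "allowed" : "refused", giver.used, giver.limit);
    }
    return 0;
}
```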