05-13-2009
For security reasons only root can use chown and chgrp. Else you could write a program with malicious code, chown/chgrp it to somebody else, maybe root or whoever and try to get it executed by those. So no chown/chgrp for normal users. I have no appropriate line from IBM at hand, but usually it is on many types of systems like this.
From Sun Admin documentation for example:
Quote:
Restrictions
On most systems, the use of the chown and chgrp commands is restricted for non-privileged users. If you are not the administrator of the system, you can not change user nor group ownerships for security reasons. If the usage of these commands would not be restricted, malicious users could assign ownership of files to other users and/or groups and change behavior of those users' environments and even cause damage to other users' files.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is it possible to dynamically allocate a new user group to an existing session on Solaris 5.8
I'd like to be able to allow certain users to access a set of scripts for the life of session (preferably there own session not a specific login created for the purpose) by dynamically giving the session... (0 Replies)
Discussion started by: hammer
0 Replies
2. UNIX for Dummies Questions & Answers
How do I add a user to a group? And how do I determine the list of groups to add a user?
Solaris 10 newbie (1 Reply)
Discussion started by: peteythapitbull
1 Replies
3. UNIX for Dummies Questions & Answers
Hi I have a user zak and
4 groups:-
oracle
stats
data
archive
I want user zak to be part of the oracle and stats group but not be able to view,list anything in data and archive. Also anyone in the data and archive group should not be able to view,list anything in oracle and stats....... (3 Replies)
Discussion started by: Zak
3 Replies
4. UNIX for Advanced & Expert Users
I created UNIX groups - oinstall, dba and UNIX user - oracle for the installation of Oracle 10g. But I might did something incorrectly. Oracle user account didn't created properly. How to remove these UNIX groups and user so that I can start over again to create them properly. Thanks. (7 Replies)
Discussion started by: duke0001
7 Replies
5. Solaris
Hi.........
I'm trying to set a group of users to login to do a required super-user tasks without knowing the super-user passwd.
For example...a user popodude logs in as self with passwd..system accepts the password & then automatically asks for the super-user account passwd.
My goal is... (1 Reply)
Discussion started by: Remi
1 Replies
6. AIX
1 - what is the maximum no: of groups a user can be a part of ?
2 - what is maximum no: of users a group can contain ? (6 Replies)
Discussion started by: senmak
6 Replies
7. UNIX for Dummies Questions & Answers
hi all
i am new to solaris
how to add a user to multiple(secondary) groups.
user :anna
Groups : delhi ,mumbai,pune
i need like this in cat /etc/group
delhi::anna
mumbai::anna
pune::anna
i tried using
usermod -a -G hyd anna
that does int work
how to delete user from group... (3 Replies)
Discussion started by: kalyankalyan
3 Replies
8. AIX
Is there a command to nest a group in another group in AIX. (2 Replies)
Discussion started by: daveisme
2 Replies
9. UNIX for Advanced & Expert Users
Hi all,
I want to list out users from different group and root, who are roaming in our group or root as a user.
how can i list out this users ? (1 Reply)
Discussion started by: kpatel97
1 Replies
10. HP-UX
Hi,
I need to modify the user 'munfai' by adding it into groups bscs, oinstall, dba.
I use this command as user root to add the user into the mentioned groups :
# usermod -G bscs,oinstall,dba munfai
I can thereafter see the id in the groups :
# id munfai
uid=258(munfai) gid=20(users)... (2 Replies)
Discussion started by: anaigini45
2 Replies
CHOWN(8) BSD System Manager's Manual CHOWN(8)
NAME
chown -- change file owner and group
SYNOPSIS
chown [-fhv] [-R [-H | -L | -P]] owner[:group] file ...
chown [-fhv] [-R [-H | -L | -P]] :group file ...
DESCRIPTION
The chown utility changes the user ID and/or the group ID of the specified files. Symbolic links named by arguments are silently left
unchanged unless -h is used.
The options are as follows:
-f Don't report any failure to change file owner or group, nor modify the exit status to reflect such failures.
-H If the -R option is specified, symbolic links on the command line are followed. (Symbolic links encountered in the tree traversal
are not followed.)
-h If the file is a symbolic link, change the user ID and/or the group ID of the link itself.
-L If the -R option is specified, all symbolic links are followed.
-P If the -R option is specified, no symbolic links are followed. Instead, the user and/or group ID of the link itself are modified.
This is the default. Use -h to change the user ID and/or the group of symbolic links.
-R Change the user ID and/or the group ID for the file hierarchies rooted in the files instead of just the files themselves.
-v Cause chown to be verbose, showing files as the owner is modified.
The -H, -L and -P options are ignored unless the -R option is specified. In addition, these options override each other and the command's
actions are determined by the last one specified.
The owner and group operands are both optional; however, at least one must be specified. If the group operand is specified, it must be pre-
ceded by a colon (``:'') character.
The owner may be either a numeric user ID or a user name. If a user name is also a numeric user ID, the operand is used as a user name. The
group may be either a numeric group ID or a group name. If a group name is also a numeric group ID, the operand is used as a group name.
For obvious security reasons, the ownership of a file may only be altered by a super-user. Similarly, only a member of a group can change a
file's group ID to that group.
DIAGNOSTICS
The chown utility exits 0 on success, and >0 if an error occurs.
COMPATIBILITY
Previous versions of the chown utility used the dot (``.'') character to distinguish the group name. This has been changed to be a colon
(``:'') character, so that user and group names may contain the dot character.
On previous versions of this system, symbolic links did not have owners.
The -v option is non-standard and its use in scripts is not recommended.
LEGACY DESCRIPTION
In legacy mode, the -R and -RP options do not change the user ID or the group ID of symbolic links.
SEE ALSO
chgrp(1), find(1), chown(2), fts(3), compat(5), symlink(7)
STANDARDS
The chown utility is expected to be IEEE Std 1003.2 (``POSIX.2'') compliant.
HISTORY
A chown utility appeared in Version 1 AT&T UNIX.
BSD
March 31, 1994 BSD