Operating Systems AIX Security user Can't change the groups. Post 302315833 by zaxxon on Wednesday 13th of May 2009 10:24:21 AM
Old 05-13-2009
For security reasons only root can use chown and chgrp. Else you could write a program with malicious code, chown/chgrp it to somebody else, maybe root or whoever and try to get it executed by those. So no chown/chgrp for normal users. I have no appropriate line from IBM at hand, but usually it is on many types of systems like this.

From Sun Admin documentation for example:
Quote:
Restrictions


On most systems, the use of the chown and chgrp commands is restricted for non-privileged users. If you are not the administrator of the system, you can not change user nor group ownerships for security reasons. If the usage of these commands would not be restricted, malicious users could assign ownership of files to other users and/or groups and change behavior of those users' environments and even cause damage to other users' files.
 

CHOWN(8)                  BSD System Manager's Manual                 CHOWN(8)

NAME
     chown -- change file owner and group

SYNOPSIS
     chown [-fhv] [-R [-H | -L | -P]] owner[:group] file ...
     chown [-fhv] [-R [-H | -L | -P]] :group file ...

DESCRIPTION
     The chown utility changes the user ID and/or the group ID of the
     specified files. Symbolic links named by arguments are silently left
     unchanged unless -h is used.

     The options are as follows:

     -f      Don't report any failure to change file owner or group, nor
             modify the exit status to reflect such failures.

     -H      If the -R option is specified, symbolic links on the command
             line are followed. (Symbolic links encountered in the tree
             traversal are not followed.)

     -h      If the file is a symbolic link, change the user ID and/or the
             group ID of the link itself.

     -L      If the -R option is specified, all symbolic links are followed.

     -P      If the -R option is specified, no symbolic links are followed.
             Instead, the user and/or group ID of the link itself are
             modified. This is the default. Use -h to change the user ID
             and/or the group of symbolic links.

     -R      Change the user ID and/or the group ID for the file hierarchies
             rooted in the files instead of just the files themselves.

     -v      Cause chown to be verbose, showing files as the owner is
             modified.

     The -H, -L and -P options are ignored unless the -R option is specified.
     In addition, these options override each other and the command's actions
     are determined by the last one specified.

     The owner and group operands are both optional; however, at least one
     must be specified. If the group operand is specified, it must be
     preceded by a colon (``:'') character.

     The owner may be either a numeric user ID or a user name. If a user name
     is also a numeric user ID, the operand is used as a user name. The group
     may be either a numeric group ID or a group name. If a group name is
     also a numeric group ID, the operand is used as a group name.

     For obvious security reasons, the ownership of a file may only be
     altered by a super-user. Similarly, only a member of a group can change
     a file's group ID to that group.

DIAGNOSTICS
     The chown utility exits 0 on success, and >0 if an error occurs.

COMPATIBILITY
     Previous versions of the chown utility used the dot (``.'') character to
     distinguish the group name. This has been changed to be a colon (``:'')
     character, so that user and group names may contain the dot character.

     On previous versions of this system, symbolic links did not have owners.

     The -v option is non-standard and its use in scripts is not recommended.

LEGACY DESCRIPTION
     In legacy mode, the -R and -RP options do not change the user ID or the
     group ID of symbolic links.

SEE ALSO
     chgrp(1), find(1), chown(2), fts(3), compat(5), symlink(7)

STANDARDS
     The chown utility is expected to be IEEE Std 1003.2 (``POSIX.2'')
     compliant.

HISTORY
     A chown utility appeared in Version 1 AT&T UNIX.

BSD                              March 31, 1994                             BSD
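The ownership rule stated in the forum answer and in the DESCRIPTION above (only the super-user may give a file away; an owner may move a file only into a group they belong to) can be written as a small decision function and compared with what the local kernel actually permits. This is an added example, not code from the forum post or the man page; `may_chown` and `probe` are hypothetical names, and the model assumes a system where chown is restricted in the way the page describes.

```python
import errno
import os
import tempfile

def may_chown(euid, groups, st_uid, st_gid, new_uid=-1, new_gid=-1):
    """Predict whether chown(2) is permitted under the restricted-chown rule.

    -1 means "leave unchanged", as in os.chown(). This models the rule quoted
    on the page (an assumption); it is not any particular kernel's code.
    """
    if euid == 0:                       # super-user may change anything
        return True
    if euid != st_uid:                  # only the owner may touch ownership
        return False
    if new_uid not in (-1, st_uid):     # giving a file away needs privilege
        return False
    # Group change: only to the current group or one the caller belongs to.
    return new_gid in (-1, st_gid) or new_gid in groups

def probe(new_uid=-1, new_gid=-1):
    """Try the change on a throwaway temp file; return (predicted, allowed)."""
    fd, path = tempfile.mkstemp(prefix="chown-probe-")
    os.close(fd)
    try:
        st = os.stat(path)
        groups = set(os.getgroups()) | {os.getegid()}
        predicted = may_chown(os.geteuid(), groups, st.st_uid, st.st_gid,
                              new_uid, new_gid)
        try:
            os.chown(path, new_uid, new_gid)
            allowed = True
        except OSError as exc:
            if exc.errno not in (errno.EPERM, errno.EINVAL):
                raise
            allowed = False
        return predicted, allowed
    finally:
        os.unlink(path)

if __name__ == "__main__":
    # Constructed cases: hand the file to uid 0, then move it to each of our groups.
    print("chown to uid 0:", probe(new_uid=0))
    for gid in sorted(set(os.getgroups())):
        print(f"chgrp to gid {gid}:", probe(new_gid=gid))
```

A mismatch between the two values in a `probe` result means the local system's chown policy differs from the rule described on this page.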