New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !

Set owner

Good ideas? Share with us!
Post Reply
kjellberg
Posts: 38
Joined: 03 Dec 2010, 07:18

Set owner

Post by kjellberg »

I would love to be able to change owner of a file or directory directly from the web interface.
In the menu where I select the read/write privileges I would like to have some kind of option where I can give the file away to another user by seting them as owner.
I don't know if im the only one that wants this but...
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Set owner

Post by Ubi »

Interesting feature, and probably useful too.. However only root can perform such an operation and you do not want to give root privileges to your web server. The point is that you need two accounts to accept the change of ownership, both the receiver and the sender. So it's manageable but technically rather complicated if you want to keep a good security record.
ryz
Posts: 183
Joined: 12 Feb 2009, 06:03

Re: Set owner

Post by ryz »

An other alternative would be to use ACL http://en.wikipedia.org/wiki/Access_control_list and then make it possible to set the ACL from the web. Unfortunately the ACL concept is really quite hard to understand or at least I think so but I do use it on my Bubba 2. I do not use the web interface at all for accessing files so the lack of support in the web interface does not bother me.
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Set owner

Post by Ubi »

With ACL you still need to be root in order to pass a file to another user. That or I really do not understand acls, which is quite possible :)
ryz
Posts: 183
Joined: 12 Feb 2009, 06:03

Re: Set owner

Post by ryz »

Well you always have to be root to give away a file to an other user. At least in all modern systems. There has been systems where you did not need to be root which could create funny situation when users could kill other users quota by changing ownership on really large files which where in places the other user could not access.

My line of thinking was that it was not really the owner ship that was important but rather that the other user could have the same access right to the file as you. The problem is of course that they do not have the right to change any permission of the file.

The permission thing could of course also be created with adding groups to the system.
kjellberg
Posts: 38
Joined: 03 Dec 2010, 07:18

Re: Set owner

Post by kjellberg »

Are there not other tasks that need root previlegies that is done through the admin interface? Like software update?
Obviously you don't want to give every user the possibility to mess up the system (like the verry good example above), but when logged in as admin it would be ok I think (if it is doable ofcourse).
ryz
Posts: 183
Joined: 12 Feb 2009, 06:03

Re: Set owner

Post by ryz »

You could always use the suid bit on a binary. If a binary has the suid bit set the binary will run with the user that own the binary rather then the user that started the binary. So by seting the suid bit on the chown binary and make sure it is own by root any user could change any file in the system to anything. That would be a disaster security wise. A better approach would be to make a copy of the chown and on that copy set the suid bit make it owned by root and that the only user except root that has permission to run that binary is the admin user. That is most likly how they have solved the upgrade that requires root access. It might still be a security issue to be able to change owner of any file to anything through an web interface. I do not fell that an web interface are as secure as an ssh connection to a local console. I might be wrong here but I do not think so.

One other aproach is to create a new binary that has the suid bit set is own by root and only executable by admin that does some filtering before calling chown. In this case you could for instance say that you are only allowed to change the owner to a normal user and not system users and root and only from files that the user that executed the script actually owns.

You could also make the new binary with the suid bit set and owned by root executable by all but only allowed an user to change the owner to an other user that has approved of it. That is that all users could specify which other users that could change the owner of a file to him. This would be a little more complex but should be doable. For example if we have the users usr1, usr2, usr3, usr4 in the system. usr1 has specified that usr3 and usr4 should be able to change the owner of files to him. If usr2 then try to change the owner of a file that is owned by usr2 to usr1 this would fail since usr1 has not allowed usr2 to do that. If usr3 or usr4 would to that it would work.
kjellberg
Posts: 38
Joined: 03 Dec 2010, 07:18

Re: Set owner

Post by kjellberg »

Sounds reasonable.
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Set owner

Post by Ubi »

*edit: I did not read Ryz's post properly before ranting on it the way I did below. Now that I did I see he shares my scare of messing with core system files. I still believe this is a really, really bad idea, even when making a copy of chown. No matter what, by letting apache perform chown as root you give the publicly accessible web server access to chown, which means you give it full, uncontrolled system access, no matter how you slice it.

Why not just give the files you want to share group write instead?

#-------------------------------------------------------------------
Sounds like a great recipe for a massive security risk. Putting a root SUID on a system file like chown without a wrapper is probably the best way to fully kill any security on a *nix system. WHy not simply "chmod -R 777 /" and be done with the whole thing?

(hit: /etc/shadow is a file too!)
kjellberg
Posts: 38
Joined: 03 Dec 2010, 07:18

Re: Set owner

Post by kjellberg »

Ok, we don't want to make any new security risks here, so it looks like I will have to stick with my dear friend putty and the linux terminal for a while then... :wink:
Post Reply