Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!bloom-beacon!eru!luth!sunic!mcsun!ukc!dcl-cs!aber-cs!pcg From: pcg@aber-cs.UUCP (Piercarlo Grandi) Newsgroups: comp.unix.wizards Subject: Re: Real and effective userids. Summary: Also, different [re]uid for files solves the chown problem Message-ID: <1136@aber-cs.UUCP> Date: 5 Oct 89 19:53:00 GMT Reply-To: pcg@cs.aber.ac.uk (Piercarlo Grandi) Organization: Dept of CS, UCW Aberystwyth (Disclaimer: my statements are purely personal) Lines: 31 In article pcg@thor.cs.aber.ac.uk (Piercarlo Grandi) writes: An obvious generalization is to have real (accounting) and effective (protection) owners for files as well. This would solve some problems with file ownership and accounting for closed subsystems (notably ingres and the spoolers) that implement their own protection policies, and thus need to give access to files only to their own setuid programs, but do not want the space taken up to be debited to them. It would also solve the famous chown problem. Currently either chown is allowed anybody, and then anybody may cheat filespace accounting (by chowning their files to somebody's else account), or only root (and then you must write a chown utility that asks for passwords). If we had "chown -[er]" and user A wanted to let user B acquire ownership of a file, the following sequence would do the trick with perfect safety: user A: chown -e B file user B: chown -r B file with a rule that the [er]owner may change the other owner id to itself. User A has no qualms in making B the eowner, after all it wants to transfer the actual ownership; user B then may actually acquire the rownership. If user B does not, user A can always revert the eownership to itself. -- Piercarlo "Peter" Grandi | ARPA: pcg%cs.aber.ac.uk@nsfnet-relay.ac.uk Dept of CS, UCW Aberystwyth | UUCP: ...!mcvax!ukc!aber-cs!pcg Penglais, Aberystwyth SY23 3BZ, UK | INET: pcg@cs.aber.ac.uk