Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!uwm.edu!zaphod.mps.ohio-state.edu!think.com!mintaka!bloom-picayune.mit.edu!athena.mit.edu!jfc
From: jfc@athena.mit.edu (John F Carr)
Newsgroups: comp.unix.internals
Subject: Re: non-superuser chown(2)s considered harmful
Message-ID: <1990Dec8.124841.12992@athena.mit.edu>
Date: 8 Dec 90 12:48:41 GMT
References: <18786@rpp386.cactus.org> <1990Dec7.171501.18028@mp.cs.niu.edu> <18792@rpp386.cactus.org>
Sender: news@athena.mit.edu (News system)
Organization: Massachusetts Institute of Technology
Lines: 12


BSD 4.3 does not enforce quota if the quota limit for a userid is zero (for
example, if quota has not been set for a user).  This means if you don't set
a quota for every possible userid and non-superuser chown()s are allowed, a
user can give away files to a userid without quota to get unlimited storage.

We've made several changes to the quota system here; one of them is to
optionally disallow storage of files by any user who has not explicitly been
given a quota.

--
    John Carr (jfc@athena.mit.edu)