Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1a 7/7/83; site rlgvax.UUCP
Path: utzoo!linus!decvax!harpo!seismo!rlgvax!guy
From: guy@rlgvax.UUCP (Guy Harris)
Newsgroups: net.unix-wizards
Subject: Re: chown - right or privilege - (nf)
Message-ID: <1335@rlgvax.UUCP>
Date: Tue, 25-Oct-83 12:28:26 EDT
Article-I.D.: rlgvax.1335
Posted: Tue Oct 25 12:28:26 1983
Date-Received: Wed, 26-Oct-83 06:32:10 EDT
References: <3356@uiucdcs.UUCP> <1321@utcsstat.UUCP>
Organization: CCI Office Systems Group, Reston, VA
Lines: 23

If you are referring to things like "at", where the user on whose behalf the
batch script is run is assumed to be the user that owns the file, there is a
simple fix.  There already exists in UNIX a facility where a user can get the
privileges of the owner of a file by using that file; the set-UID facility.
The USG systems that allow you to give a file away (and, unless you're the
super-user, that's *all* they allow you to do with the file's ownership) solve
this by turning off the set-UID bit on a file if you give it away to another
and turning off the set-GID bit if you change the group (again, unless you are
the super-user).  For any file where you use the owner UID to grant permissions,
simply require that file to have its set-UID bit on.  Then, if anybody tries
to give the file away to somebody in order to get that person's permissions,
the kernel will force the set-UID bit off and your program will refuse to let
the guy in.

In our environment it's rare that you'd want to give a file away (we use our
machine for program development, mostly) but somebody working at one of our
sales offices (OZ, if you know him) points out that in an office system (which
is what we sell on our UNIX boxes) you might create a memo for somebody else
and then want to turn ownership of that memo over to them, so in a lot of cases
it may be very useful to be able to give files away.

	Guy Harris
	{seismo,mcnc,brl-bmd,allegra}!rlgvax!guy