Re: 2.2.13: CAP_CHOWN and CAP_FOWNER

James Buster (bitbug@seal.engr.sgi.com)
Thu, 21 Oct 1999 21:19:59 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Garst R. Reese: "Re: seen only once ...."
Previous message: H. Peter Anvin: "Re: Unicode support on VGA console."
Maybe in reply to: Chip Salzenberg: "2.2.13: CAP_CHOWN and CAP_FOWNER"

>In 2.2.13 (as most previous releases), the CAP_CHOWN capability gives
>carte blanche to chown and chgrp at will. However, I don't think it's
>supposed to do that.

This is clearly wrong.

>AFAIK, CAP_CHOWN is only supposed to remove the restrictions on
>changing file ownership to a uid or gid that you do not currently have
>(e.g. to escape a quota).

Correct. CAP_CHOWN removes the restriction imposed when
_POSIX_CHOWN_RESTRICTED is in effect. It otherwise has no effect.

>Meanwhile, CAP_FOWNER removes restrictions on which files you're allowed
>to chown/chgrp.

Correct. CAP_FOWNER capability allows you to perform operations only
the owner of a file is allowed, such as changing its mode bits, ownership,
or ACL.

-- Planet Bog -- pools of toxic chemicals bubble under a choking atomsphere of poisonous gases... but aside from that, it's not much like Earth.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Garst R. Reese: "Re: seen only once ...."
Previous message: H. Peter Anvin: "Re: Unicode support on VGA console."
Maybe in reply to: Chip Salzenberg: "2.2.13: CAP_CHOWN and CAP_FOWNER"