beware chown

tsh_at_mrc-lmb.cam.ac.uk
Date: 08/26/03

  • Next message: Parkin Frank - fparki: "CFS Performance" 
    Date: Tue, 26 Aug 2003 13:40:53 +0100 (BST)
To: Managers <tru64-unix-managers@ornl.gov>

    Hi all,
    I just discovered the hard way that the default action of
    'chown' is to change the owner of the file pointed to
    by a symlink, rather than change the owner of the symlink.

    Wouldnt it be more sensible to make the default action the
    safe one (i.e. change the owner of the symlink) rather
    than the unsafe one?

    Many users make symlinks in their own directories pointing
    to system files, and a recursive chown down a user's
    directory tree can cause mayhem...

    Cheers,
    Terry

    Terry Horsnell (tsh@mrc-lmb.cam.ac.uk)
    I.T. Manager
    Medical Research Council
    Lab of Molecular Biology
    Hills Road
    CAMBRIDGE CB2 2QH
    U.K.
    Phone: +44 (0)1223 248011
    Fax: +44 (0)1223 213556

  • Next message: Parkin Frank - fparki: "CFS Performance"

    Relevant Pages

    • Re: [PATCH] Add a /proc/self/exedir link
      ... Andreas Schwab writes: ... But we already have /proc//exe which is a symlink to the ... Neither of which should be readable by anyone but the owner of the ... which is the one who was able to read the secret directory in the ...
      (Linux-Kernel)
    • Re: do_coredump and O_NOFOLLOW
      ... I think that is for security reasons, ... check who is the owner of the symlink and where it points to. ... That would change the corepattern to include a ...
      (Linux-Kernel)
    • Re: /usr/local/etc/rc.d/ scripts and non-root user
      ... I put there has the root as owner. ... How can I make sure that the file is indeed run as user api? ... the owner of a symlink is completely irrelevant. ...
      (freebsd-questions)
    • Re: Curious fileutils/coreutils behaviour.
      ... >> ownership of a symlink. ... Since the owner of a symlink can be detected by a ... If the target belongs to the right person, ...
      (Bugtraq)
    • Re: Curious fileutils/coreutils behaviour.
      ... > Contrary to the FAQ entry you cited, it is sometimes useful to change the ... > ownership of a symlink. ... Since the owner of a symlink can be detected by a ...
      (Bugtraq)