2

Let's say I have files owned by:

sftp-user:www-data

Now I want www-data to be able to change the ownership of them, say to foobar. Is that even possible?

Toskan
  • 244

1 Answer

4

Only the owner of a file or root is permitted to change permissions.

And even if a file is owned by you, you can't change its ownership to another user. You can, however, change its group to one of the groups your user is part of.

If a user can execute sudo, then the user can execute:

sudo chown new-owner filename

You can try to manipulate the system files in a way that makes it possible; however, it will create a major security risk to your system.

Such a non-recommended solution might be:

sudo cp /bin/chown /bin/chown.mod
sudo chown root.www-data /bin/chown.mod   # owner root, group www-data
sudo chmod 750 /bin/chown.mod             # only root and group www-data may run it
sudo chmod +s /bin/chown.mod              # set-user-ID root (and set-group-ID)

Now, a user with group ID www-data can execute /bin/chown.mod as user root:

/bin/chown.mod userid /path/to/filename

It is very dangerous; for example, such a user can change the owner of /etc/passwd to himself, modify the password file, change the owner back to root, and a new user has been added to the system.

Yaron
  • 13,173
  • 1
    Is the rationale for this restriction (in particular, that members of the owning group are not permitted to change permissions) explained anywhere? – Jeremy Mar 09 '18 at 15:55
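An added example, not part of the question or the answer above: a Python script that exercises the ownership rules the answer describes against a temporary file it creates itself (constructed input), reporting "ok" or the errno name for each chown(2) attempt. The numeric uid/gid values it picks (60001 and up) are assumptions chosen only to differ from the caller's own IDs; they need not exist as accounts, because the kernel checks privilege, not names. Run as an unprivileged user, the hand-off to another user and the chgrp to a group you are not in both fail with EPERM, while a no-op chown to yourself and a chgrp to one of your own groups succeed; run as root (CAP_CHOWN) every case succeeds, which is exactly the capability the setuid chown.mod wrapper hands to every member of www-data.

```python
# Added example (not from the answer above): exercise the ownership rules the
# answer describes, using a constructed temporary file. Outcomes depend on
# privilege: an unprivileged owner gets EPERM when handing a file to another
# user or to a group it is not a member of; root (CAP_CHOWN) succeeds.
import errno
import os
import tempfile


def try_chown(path, uid=-1, gid=-1):
    """Attempt chown(2) and report 'ok' or the errno name (e.g. 'EPERM').

    -1 for uid or gid leaves that field unchanged, as with chown(2).
    """
    try:
        os.chown(path, uid, gid)
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))


def _pick_id_not_in(taken, start=60001):
    """Return a numeric uid/gid not in `taken` (assumed range, 60001 and up).

    The ID need not exist in /etc/passwd or /etc/group: the kernel checks
    only whether the caller may change the field, not whether the name exists.
    """
    candidate = start
    while candidate in taken:
        candidate += 1
    return candidate


def ownership_rules_demo():
    """Run the four cases from the answer on a fresh file we own."""
    my_uid = os.geteuid()
    my_groups = {os.getgid(), os.getegid(), *os.getgroups()}
    other_uid = _pick_id_not_in({my_uid, 0})
    foreign_gid = _pick_id_not_in(my_groups)

    fd, path = tempfile.mkstemp(prefix="chown-demo-")
    os.close(fd)
    try:
        results = {
            "is_root": my_uid == 0,
            # A no-op chown to yourself is always permitted.
            "chown_self": try_chown(path, uid=my_uid),
            # Giving the file away: EPERM unless you hold CAP_CHOWN.
            "chown_other_user": try_chown(path, uid=other_uid),
            # chgrp to a group you belong to: allowed for the file's owner.
            "chgrp_own_group": try_chown(path, gid=os.getgid()),
            # chgrp to a group you are not in: EPERM unless CAP_CHOWN.
            "chgrp_foreign_group": try_chown(path, gid=foreign_gid),
        }
    finally:
        os.unlink(path)
    return results


if __name__ == "__main__":
    for case, outcome in ownership_rules_demo().items():
        print(f"{case:22} {outcome}")
```

The script reads the result of each syscall rather than guessing from documentation, so it also serves as a quick check on an unfamiliar box (or inside a container, where capabilities may have been dropped) of who can really give a file away. Note that chown(2) reports a refused ownership change as EPERM, not EACCES.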