Taking file ownership when file and directory is readable/writable
Solution 1
Yes, `vim` will remove the original file and create a new one to put the new content in. Your `cp && mv -f` is the way to go.

Note that when the `t` bit is set on the directory as it is in your case, it's not enough to have write permission to the directory; you also need to be the owner of the file or the directory (as you are).
Solution 2
Only root can change the owner of a file. Without involving root, all you can do is delete the file and create or rename a different file with that name.
If you were allowed to appropriate the file, this would be a security hole. For example, the user `someone` could open the file, then verify its ownership and permissions (by calling `fstat` on the open file handle), and conclude that only a program running as `someone` could have produced this data. If you were able to appropriate the file, you could then change its content against `someone`'s wishes.
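The replacement both answers describe, as an added example that is not code from the original posts: it mimics `cp someonesfile myfile && mv -f myfile someonesfile` in a temporary directory while a reader holds the original open, and shows that the path ends up on a new inode owned by the caller while `fstat` on the open handle still reports the original file. The temporary directory, the file contents and the function name `replace_vs_open_handle` are constructed for the illustration.

```python
import os
import shutil
import tempfile


def replace_vs_open_handle():
    """Replace a file by copy + rename while a reader keeps it open.

    Returns a dict of observations. File names and contents are constructed.
    """
    workdir = tempfile.mkdtemp(prefix="owner-demo-")
    try:
        target = os.path.join(workdir, "someonesfile")
        with open(target, "w") as f:
            f.write("original data\n")

        # The reader checks owner and inode on the open handle (fstat), not on
        # the path, so a later rename cannot change what it is inspecting.
        fd = os.open(target, os.O_RDONLY)
        before = os.fstat(fd)

        # cp someonesfile myfile && mv -f myfile someonesfile
        copy = os.path.join(workdir, "myfile")
        shutil.copyfile(target, copy)   # new inode, owned by the caller
        with open(copy, "a") as f:
            f.write("appended by replacer\n")
        os.replace(copy, target)        # rename(2): only the directory entry moves

        after_path = os.stat(target)
        after_fd = os.fstat(fd)
        handle_data = os.read(fd, 4096).decode()
        os.close(fd)

        # With a single user both uids are equal; the inode shows the difference.
        return {
            "path_inode_changed": after_path.st_ino != before.st_ino,
            "handle_inode_unchanged": after_fd.st_ino == before.st_ino,
            "handle_owner_unchanged": after_fd.st_uid == before.st_uid,
            "new_file_owned_by_caller": after_path.st_uid == os.geteuid(),
            "handle_still_reads_original": handle_data == "original data\n",
        }
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    for key, value in replace_vs_open_handle().items():
        print(f"{key}: {value}")
```

The original inode, with its owner and content, is never modified; the name simply points at a different file afterwards.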
Sampo Sarrala - codidact.org
Updated on September 18, 2022

Comments
-
Sampo Sarrala - codidact.org almost 2 years
I got some files in directory:

```
drwxrws-wt 2 me mygroup 4,0K 10.1. 12:34 .
-rw-r----- 1 someone mygroup 10G 10.1. 11:22 someonesfile
```

`me` and `someone` are regular users without supplementary groups.

How to take ownership of that file using `me` account?

If `me` do:

```
$ chown me someonesfile
chown: doing bla bla bla: permission denied
```

However `me` can "change" ownership by replacing file with new one:

```
cp someonesfile myfile && mv -f myfile someonesfile
```

So my main question is if there is any easier (cheaper) way to change file ownership in described environment without using root account or other privilege elevations. Basically I wanted to know if `me` can somehow take advantage of directory permissions to somehow reset ownership/permissions without making copy of whole file.

I've also noticed that editing file with `vim` and forcing overwrite with `:w!` will change owner of file, is that same as doing `cp && mv`? At least `touch someonesfile` will fail with permission denied.
-
Stéphane Chazelas about 10 years
Some systems allow you to give away files you own to other users though. That was the case on HPUX the last time I used it (years ago, it may have changed since) for instance and was the case in SysIII and SysV according to the chown() POSIX spec.
-
steady rain almost 8 years
@Gilles However, he's doing `chown me someonesfile`, i.e. trying to take the file from `someone` to the current user, instead of doing `chown someone myfile`, i.e. trying to "transfer" the ownership as in your example (which would have the implications given). Are there any obvious security issues taking instead of transferring the ownership?
-
Gilles 'SO- stop being evil' almost 8 years
@steadyrain I have trouble understanding your sentence. In my answer I discuss taking the ownership. Giving away ownership (which is allowed on some Unix variants, e.g. IRIX and HP-UX) has problems too, for example it makes disk quotas ineffective (disk quota exceeded? chown my big files to someone else.).