
#1 2013-05-23 10:26:45

snack
Member
From: Italy
Registered: 2009-01-13
Posts: 861

Change ownership to root

I need to transfer the ownership of some files, after they are created, to the root user, to prevent my malicious students (who have access to the machine) from modifying or deleting them. In the Python script that creates the files (executed as a regular user) I added a call to chown to transfer the ownership to root:root, but it doesn't work. Simply put, if my user and group are mori:wizard, I get this:

$ ll dummy
-rw-r--r-- 1 mori wizard 0 23 mag 12.18 dummy
$ whoami
mori
$ chown root:root dummy 
chown: changing ownership of ‘dummy’: Operation not permitted

Maybe this is the intended behavior (only root can then transfer ownership to other users?). But according to this I understood that "you can do this only if you are the root user or the owner of the file", so being the owner I should be allowed. I tried also to give ownership to another regular user instead of root, but it fails anyway.
Thanks for any help anyone can provide...


#2 2013-05-23 11:01:55

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: Change ownership to root

You can't change ownership unless you're root; if that were possible, I'd be able to write a script that executed /bin/bash, change permissions to setuid, change the ownership to root and have a root shell just by executing it.

You either need to be root, or use something like sudo.

I'm assuming you have a user different to your students, so proper permissions will prevent them from altering your files. If you don't, well then you're definitely getting expected behavior (from the students)


#3 2013-05-23 11:11:03

Awebb
Member
Registered: 2010-05-06
Posts: 6,275

Re: Change ownership to root

It seems like chown does not work with a regular user. This thread might be relevant to your question: http://unix.stackexchange.com/questions … own-a-file

I would either run a cronjob that changes the ownership of certain folders every minute or so. You could also write a daemon that uses inotify to see if there are new relevant files and change them after they are created. Or you could add a sudo line to your script, where you have to provide a password. The least secure way would be to add your user and a specific chown command to the sudoers and use sudo inside the script. Using sudo in such situations, however, is frowned upon, as it can create security holes, especially bad if your malicious students know a lot about Linux.

EDIT: Wow, fukawi2, I was so busy solving the problem at hand that I forgot what OP actually wants to achieve. Hehe.

Last edited by Awebb (2013-05-23 11:12:04)


#4 2013-05-23 12:35:50

snack
Member
From: Italy
Registered: 2009-01-13
Posts: 861

Re: Change ownership to root

Thanks guys, everything is clear now. I think I'd go with the cron approach suggested by Awebb, since the use case is this: in the lab we have a PC with a single user account, which is used by all the students to run a simple linear fit program. This program produces output files with results, on which students must not have write permissions since they may "tune" the results by hand. And since the program is run by the current user they can also open the files and modify them... but given the fact that they grew up with Windows and icons, they can barely look at the bash shell without panicking, so it's unlikely that someone could ever find the result files in the hidden folder where the program silently saves them. I'm just worried about some smart Linux guy that may show up from time to time... but in this case, smart guys probably won't need to alter the results, they'll simply produce right results ;)
Thanks again.


#5 2013-05-23 12:44:30

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Change ownership to root

Maybe a daemon using inotifywait is more appropriate:
https://github.com/open-dynaMIX/experms
http://xyne.archlinux.ca/projects/autochown/
PS: Make sure to remove setuid, setgid and execute permissions if they are set.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
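Added example, not part of any post in this thread and not code from experms or autochown: one way a root-run cron job or daemon could make the in-place change discussed above, removing the setuid, setgid and execute bits before handing each file to root. The names `lock_down` and `sweep` are hypothetical and stripping group/other write is an extra assumption; the change only protects the file's contents, since whoever can write to the directory can still delete or replace the file.

```python
import errno
import os
import stat

# Bits named in the PS above, plus group/other write (added assumption).
STRIP = (stat.S_ISUID | stat.S_ISGID | stat.S_IXUSR | stat.S_IXGRP
         | stat.S_IXOTH | stat.S_IWGRP | stat.S_IWOTH)


def lock_down(path, uid=0, gid=0):
    """Hand one result file to uid:gid. Return True if changed, False if skipped."""
    try:
        # O_NOFOLLOW: refuse a symlink planted in the user-writable directory.
        # O_NONBLOCK: do not hang if the entry turns out to be a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        if exc.errno in (errno.ELOOP, errno.ENOENT):
            return False
        raise
    try:
        st = os.fstat(fd)
        # Skip directories, FIFOs, devices, and files that are also
        # reachable under another name through a hard link.
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            return False
        if (st.st_uid, st.st_gid) == (uid, gid) and not st.st_mode & STRIP:
            return False  # already locked down
        # Strip the bits first so a root-owned setuid file never exists,
        # and work on the descriptor so the path cannot be swapped meanwhile.
        os.fchmod(fd, stat.S_IMODE(st.st_mode) & ~STRIP)
        os.fchown(fd, uid, gid)
        return True
    finally:
        os.close(fd)


def sweep(directory, uid=0, gid=0):
    """Lock down every entry directly inside directory; return changed names."""
    return [name for name in sorted(os.listdir(directory))
            if lock_down(os.path.join(directory, name), uid, gid)]


if __name__ == "__main__":
    import sys
    print(sweep(sys.argv[1]))  # run as root, e.g. from root's crontab
```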


#6 2013-05-23 12:47:54

snack
Member
From: Italy
Registered: 2009-01-13
Posts: 861

Re: Change ownership to root

@progandy: thanks, autochown seems interesting, I hope I can make it work on Ubuntu 8.04 (porting the full Python 2.6 stack with PyQt and numpy to make my program work has already been hard enough ;) ).


#7 2013-05-23 15:26:41

Awebb
Member
Registered: 2010-05-06
Posts: 6,275

Re: Change ownership to root

Indeed, autochown was what I meant. I forgot the name, thanks, progandy!


#8 2013-05-23 23:03:01

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: Change ownership to root

Another option to really confuse them would be to set the file to be immutable, but that still requires root

chattr +i file


#9 2013-05-24 20:16:58

teateawhy
Member
From: GER
Registered: 2012-03-05
Posts: 1,138
Website

Re: Change ownership to root

You can use systemd to watch the directory where the output goes. Systemd will run a configured service then.

PathChanged= may be used to watch a file or directory and activate the configured unit whenever it changes.

[Unit]
Description=Copy output files to safe location

[Path]
PathChanged=/home/regular_user/program_output
Unit=Copy-output-files.service

[Install]
WantedBy=multi-user.target

Write a systemd unit that calls a script. This script is naturally run by root, because it is called from systemd. Then the script copies the output files to a safe location that regular_user cannot enter, but you can.
http://www.freedesktop.org/software/sys … .path.html

Last edited by teateawhy (2013-05-24 20:17:50)
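Added example, not teateawhy's code: a sketch of the script that the service named in the path unit above could run as root. Since the unit is activated whenever the directory changes, the script may see the same file more than once, so it stores every distinct version under a content-hash suffix and never overwrites a stored copy; `copy_new_results`, the `/root/program_output_safe` destination and the assumption that result files are small enough to read into memory are all hypothetical.

```python
import errno
import hashlib
import os
import stat


def copy_new_results(src_dir, safe_dir):
    """Copy each regular file in src_dir into safe_dir; return the names stored."""
    os.makedirs(safe_dir, mode=0o700, exist_ok=True)
    os.chmod(safe_dir, 0o700)  # enforce the mode even if the directory existed
    stored = []
    for name in sorted(os.listdir(src_dir)):
        try:
            # O_NOFOLLOW: never read through a symlink placed in src_dir.
            fd = os.open(os.path.join(src_dir, name),
                         os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
        except OSError as exc:
            if exc.errno in (errno.ELOOP, errno.ENOENT):
                continue
            raise
        with os.fdopen(fd, "rb") as fin:  # closes fd on every exit path
            if not stat.S_ISREG(os.fstat(fd).st_mode):
                continue
            data = fin.read()
        # One stored file per distinct content: a later edit of the source
        # shows up as an additional version instead of replacing the first.
        version = f"{name}.{hashlib.sha256(data).hexdigest()[:16]}"
        try:
            out = os.open(os.path.join(safe_dir, version),
                          os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            continue  # this exact version is already stored
        with os.fdopen(out, "wb") as fout:
            fout.write(data)
        stored.append(version)
    return stored


if __name__ == "__main__":
    # Source path as in the unit above; the destination is a placeholder.
    print(copy_new_results("/home/regular_user/program_output",
                           "/root/program_output_safe"))
```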


#10 2013-05-25 13:07:08

snack
Member
From: Italy
Registered: 2009-01-13
Posts: 861

Re: Change ownership to root

teateawhy wrote:

You can use systemd to watch the directory where the output goes. Systemd will run a configured service then.

PathChanged= may be used to watch a file or directory and activate the configured unit whenever it changes.

[Unit]
Description=Copy output files to safe location

[Path]
PathChanged=/home/regular_user/program_output
Unit=Copy-output-files.service

[Install]
WantedBy=multi-user.target

Write a systemd unit that calls a script. This script is naturally run by root, because it is called from systemd. Then the script copies the output files to a safe location that regular_user cannot enter, but you can.
http://www.freedesktop.org/software/sys … .path.html

It seems a nice solution, so it's a pity that the lab computer has Ubuntu 8.04 on it... :)
Thanks anyway, teateawhy.


#11 2013-05-26 00:33:35

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: Change ownership to root

EDIT: Reopening this as it is still relevant to Linux and isn't too specific to Ubuntu.

Last edited by fukawi2 (2013-05-26 23:05:29)
