[plug] chown as a user?

Trevor Phillips phillips at central.murdoch.edu.au
Mon Jun 19 10:25:15 WST 2000


Petter Reinholdtsen wrote:
> 
> Tell me more.  I do not think the two examples show any problem with
> chown.  The only problem I know of is DOS attack on a filesystem with
> quotas.  Please let me know if there are others.
> 
> > Basically, it is something you DON'T want to do
> 
> Actually, often it is.

Petter's right. On the systems (Solaris) that I have done this, it IS quite
secure - chowning strips the suid bit, etc... Although I didn't think of the
Quota DOS issue, but that doesn't apply in this situation. ^_^

Oh, and I AM the Sysadmin. ^_^

Basically, we have a separate Development and Production environment for
Content Providers to do their Web Publishing in. They do it in Dev, then use a
Publishing CGI to publish them into Prod. 

Regardless of the chown issue, this still meant that the CGI requires
write-access to the whole of Prod, which isn't that good. And in fact, any CGI
has write-access to the whole of Prod ATM. Which is why we seriously clamp down
on what CGIs are on there, and who can log in to the box. ^_^

Anyway, that WILL be all changing, preferably soon, and I'd rather NOT do a
SUID CGI solution (although it'd probably be the quickest interim solution).

Right now I'm toying with a Queue-based publishing system, with a completely
separate daemon handling the publishing.

-- 
. Trevor Phillips             -           http://jurai.murdoch.edu.au/ . 
: CWIS Systems Administrator     -           T.Phillips at murdoch.edu.au : 
| IT Services                       -               Murdoch University | 
 >------------------- Member of the #SAS# & #CFC# --------------------<
| On nights such as this, evil deeds are done. And good deeds, of     /
| course. But mostly evil, on the whole.                             /
 \      -- (Terry Pratchett, Wyrd Sisters)                          /
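
The queue-based design mentioned in the message above, as an added example that is not part of the original post: the CGI only needs write access to a queue directory, and a separate daemon validates each request before copying from Dev to Prod. The names `publish` and `process_queue`, and the one-path-per-request-file format, are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile


def publish(request_path, dev_root, prod_root):
    """Copy one regular file from Dev to the same relative path in Prod."""
    real_dev = os.path.realpath(dev_root)
    # Resolve symlinks and ".." first, then require the result to stay in Dev.
    real_src = os.path.realpath(os.path.join(real_dev, request_path))
    if real_src == real_dev or os.path.commonpath([real_dev, real_src]) != real_dev:
        raise ValueError("request escapes the Dev tree: %r" % request_path)
    rel = os.path.relpath(real_src, real_dev)
    # O_NOFOLLOW: refuse a symlink swapped in after the check above.
    fd = os.open(real_src, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("only regular files are published")
        dst = os.path.join(prod_root, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        tmp_fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dst))
        with open(fd, "rb", closefd=False) as src, os.fdopen(tmp_fd, "wb") as out:
            shutil.copyfileobj(src, out)
    finally:
        os.close(fd)
    # Keep rwx bits minus group/other write; setuid, setgid and sticky are dropped.
    os.chmod(tmp, st.st_mode & 0o755)
    os.replace(tmp, dst)  # atomic rename: readers never see a partial file
    return dst


def process_queue(queue_dir, dev_root, prod_root):
    """Handle every request file in queue_dir; each holds one Dev-relative path."""
    results = {}
    for name in sorted(os.listdir(queue_dir)):
        req = os.path.join(queue_dir, name)
        with open(req, "r") as fh:
            wanted = fh.readline().strip()
        try:
            publish(wanted, dev_root, prod_root)
            results[name] = "published"
        except (ValueError, OSError) as exc:
            results[name] = "rejected: %s" % exc
        os.remove(req)
    return results
```

Only the daemon's account needs write access to Prod; the web server's account needs write access to the queue directory and nothing else.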


