Tuesday, March 17, 2015

Solaris: The RSTCHOWN parameter & Changing File Ownership

By default in Solaris, the owner of a file cannot use the chown command to change the owner of that file or directory. The chgrp command is also restricted: the owner can only use chgrp to change the group of the file to a group that the owner belongs to.

However, this behavior can be changed by adding the following line to the /etc/system file:

set rstchown=0

You need to reboot your system after this change. Only root can arbitrarily change the ownership of a file, whether or not this option is in effect.

Let's check the difference in the system's behavior in the following examples. We have a user account named user1, which is a member of the groups admin and dba. With the default behavior, when user1 tries to change the owner of the data.log file to user2, he gets the following message:

$ chown user2 data.log
chown: data.log: Not owner

$ ls -l
total 12
-rw-rw-r-- 1 user1 admin 5345 May 11 05:53 data.log

However, user1 can change the group of the data.log file to dba, because that is one of the two groups he is a member of. But when user1 tries to change the group of the data.log file to manager, his attempt fails.

$ chgrp dba data.log

$ ls -l
total 12
-rw-rw-r-- 1 user1 dba 5345 May 11 05:53 data.log

$ chgrp manager data.log
chgrp: data.log: Not owner

Now, after the /etc/system file modification, user1 is free to change the owner or group of his data.log file.

$ chown user2 data.log

$ ls -l
total 12
-rw-rw-r-- 1 user2 admin 5345 May 11 05:53 data.log

$ chgrp manager data.log


$ ls -l
total 12
-rw-rw-r-- 1 user1 manager 5345 May 11 05:53 data.log

It is possible to change the rstchown parameter on the fly, without a reboot, using adb (mdb). This change will not persist across a reboot, though.

# adb -w -k /dev/ksyms /dev/mem
physmem 1f425
rstchown/D
rstchown:
rstchown: 1
rstchown/W 0
rstchown: 0x1 = 0x0
rstchown/D
rstchown:
rstchown: 0

You need to provide the name of the parameter you want to change together with a valid option. In the example above, we printed the current value assigned to rstchown using /D and then assigned a new value with /W 0.
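
Because the /etc/system entry only takes effect at boot and an adb change only lasts until the next reboot, an audit has to check the file separately from the live kernel value. The following is an added example, not part of the original post, that reports what an /etc/system-style file will set for rstchown. The function names, the sample file contents, the treatment of lines starting with * as comments, and the rule that the last entry wins are assumptions.

```shell
# Added example (not from the original post): audit an /etc/system-style file
# for the rstchown value that will take effect at the next boot.
# Assumptions: lines starting with '*' are comments, the last matching
# "set rstchown" line wins, and no entry means the default of 1.

# Print the configured value, or "default" if the file has no rstchown entry.
rstchown_configured() {
    v=$(sed -n 's/^[[:space:]]*set[[:space:]]\{1,\}rstchown[[:space:]]*=[[:space:]]*\([^[:space:]]\{1,\}\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    echo "${v:-default}"
}

# Return 0 if chown stays restricted, 1 if owners may give files away,
# 2 if the value needs manual review.
check_rstchown() {
    v=$(rstchown_configured "$1")
    case "$v" in
        default|1|0x1) echo "OK: rstchown=$v (only root can chown)"; return 0 ;;
        0|0x0)         echo "FINDING: rstchown=$v (owners can chown files away)"; return 1 ;;
        *)             echo "REVIEW: rstchown=$v (unexpected value)"; return 2 ;;
    esac
}

# Constructed sample input: a commented-out entry followed by an active one.
write_sample() {
    cat > "$1" <<'EOF'
* set rstchown=1
set maxusers=64
  set rstchown = 0
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_rstchown "$sample" || true    # prints the FINDING line for the sample
rm -f "$sample"
```

On a real host, call check_rstchown /etc/system. The live value still has to be read separately, for example with rstchown/D in adb as shown above.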
