
I'm trying to allow regular user A to execute the chown command to a list of users B, C, D, having as object any files located in its home directory. In other words, I would try to limit the chown "root power" for some users, in terms of the users to change the file ownership to and in terms of the location of the files to be changed.

1. User A should only change the ownership of all the files located in its home directory (/export/home/userA)
2. User A should only change the ownership to userB, userC and userD (userB, C and D are part of the same group, user A has a different one ... not a problem, at least, to add the same group as a supplementary for user A)

Objective 1 is the most important; the second is a plus.

I tried to use ACLs in different ways, no success. I tried to use a sudo entry in different ways, no success.

If I set rstchown=0 in /etc/system, I will permit the use of chown everywhere, which is not so good.

OS is Solaris 11.3

Any idea?

Dave M
Manuel

1 Answer


ZFS has the rstchown property:

Table 5-1 ZFS Native Property Descriptions

Property Name   Type   Default Value    Description
...
rstchown       Boolean       on         Indicates whether the file system owner
                                        can grant file ownership changes. The
                                        default is to restrict chown operations.
                                        When rstchown is set to off, the user has
                                        the PRIV_FILE_CHOWN_SELF privilege for
                                        chown operations.

If the user's home directory is a dedicated ZFS filesystem, the rstchown setting will be limited to files on that filesystem.

Andrew Henle
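Added example, not part of the original answer: a check that the relaxed rstchown setting described above stays confined to the one home filesystem. It parses the tab-separated output of `zfs get -H -o name,value rstchown`; the pool and dataset names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit which ZFS datasets have the chown restriction relaxed.
# Input: output of `zfs get -H -r -o name,value rstchown <pool>`,
# i.e. one "<dataset><TAB><value>" line per dataset.

# Dataset that is allowed to have rstchown=off. Assumed name for userA's
# dedicated home filesystem; the page only gives /export/home/userA.
ALLOWED_DATASET="rpool/export/home/userA"

# audit_rstchown ALLOWED < zfs-get-output
# Prints one finding per line and returns 1 if there is any finding:
#   UNEXPECTED <dataset>  rstchown=off on a dataset other than ALLOWED
#   RESTRICTED <dataset>  ALLOWED itself does not have rstchown=off
#   MISSING <dataset>     ALLOWED is not a dataset in the input
audit_rstchown() {
    awk -F '\t' -v allowed="$1" '
        NF != 2 { next }                      # skip malformed lines
        $1 == allowed {
            seen = 1
            if ($2 != "off") { print "RESTRICTED " $1; bad = 1 }
            next
        }
        $2 == "off" { print "UNEXPECTED " $1; bad = 1 }
        END {
            if (!seen) { print "MISSING " allowed; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample output, not captured from a real system.
sample_zfs_get() {
    printf 'rpool/export\ton\n'
    printf 'rpool/export/home\ton\n'
    printf 'rpool/export/home/userA\toff\n'
    printf 'rpool/export/home/userB\toff\n'
}

# On a real host the input would come from:
#   zfs get -H -r -o name,value rstchown rpool
sample_zfs_get | audit_rstchown "$ALLOWED_DATASET" \
    || echo "review the findings above"
```

A MISSING finding means the home directory is not its own filesystem, so turning rstchown off would affect whichever parent dataset actually holds the files.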