user may chown files to anyone else??? 1

[exsnafu]

I have a weird one and at this point i'm not sure if its a bug or a feature.

i have two NFS mountpoints from two different Netapp filers.

on one netapp filer mountpoint, a user who owns the mountpount directory may create a file in the mountpoint and then chown that file to any other user(including root). ie:

eddprf@server:/eddprf > ls -la
total 32
drwxrwxrwx    4 eddprf   eddprf         4096 Jan 21 10:22 .
drwxr-xr-x   51 root     system         4096 Jan 21 12:44 ..
eddprf@server:/eddprf > touch testfile
eddprf@server:/eddprf > ls -la
total 32
drwxrwxrwx    4 eddprf   eddprf         4096 Jan 24 10:59 .
drwxr-xr-x   51 root     system         4096 Jan 21 12:44 ..
-rw-rw-r--    1 eddprf   eddprf            0 Jan 24 10:59 testfile
eddprf@server:/eddprf > chown root testfile
eddprf@server:/eddprf > ls -la
total 32
drwxrwxrwx    4 eddprf   eddprf         4096 Jan 24 10:59 .
drwxr-xr-x   51 root     system         4096 Jan 21 12:44 ..
-rw-rw-r--    1 root     eddprf            0 Jan 24 10:59 testfile
eddprf@server:/eddprf > rm testfile
eddprf@server:/eddprf > ls -la
total 32
drwxrwxrwx    4 eddprf   eddprf         4096 Jan 24 10:59 .
drwxr-xr-x   51 root     system         4096 Jan 21 12:44 ..
eddprf@server:/eddprf >

but on any other netapp filer or local jfs2 mountpoints(like say /tmp), this ability is prohibited as i would expect, regardless of the permissions on the directory(far as i can tell!)

at this point we can't find any difference in the way this mountpoint is mounted or created on the netapp side.. the netapp versions between two filers are the same, the qtrees have the same export rules and both are mounted with the same options.. yet different results

is there some rule that in AIX a user should be allowed to do this in some cases?

 

[Noway2]

Do you have any application like SELinux or Apparmor that is preventing or limiting the permissions on the /tmp directory?

 

[AvayaTier3]

You have shown an example of the change that is allowed.

Can you show the change that is not allowed along with the directories, ownership, permissions and returned errors?



A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"

bsh

37 years Bell, AT&T, Lucent, Avaya
Tier 3 for 27 years and counting

http://bshtele.com

 

[exsnafu]

directories, ownership, permissions don't appear to make any difference.

at this point i've got a call open with ibm and after some traces they believe somehow the netapp filer is allowing this... although still investigating. i had kind of figured this would be more of an OS control..

[362][server]:/home/jquainta> cd /test1
[363][server]:/test1> ls -ld .
drwxr-xr-x    2 jquainta sysadmin       4096 Jan 25 09:48 .
[364][server]:/test1> touch gollum
[365][server]:/test1> ls -la
total 16
drwxr-xr-x    2 jquainta sysadmin       4096 Jan 25 10:32 .
drwxr-xr-x   53 root     system         4096 Jan 25 10:27 ..
-rw-r--r--    1 jquainta sysadmin          0 Jan 25 10:32 gollum
[366][server]:/test1> chown root gollum
[367][server]:/test1> ls -la
total 16
drwxr-xr-x    2 jquainta sysadmin       4096 Jan 25 10:32 .
drwxr-xr-x   53 root     system         4096 Jan 25 10:27 ..
-rw-r--r--    1 root     sysadmin          0 Jan 25 10:32 gollum
[368][server]:/test1> cd /test2
[369][server]:/test2> ls -ld .
drwxr-xr-x    3 jquainta sysadmin       4096 Jan 25 09:48 .
[370][uscobrmfa-at-02]:/test2> touch wormtongue
[371][server]:/test2> ls -la
total 32
drwxr-xr-x    3 jquainta sysadmin       4096 Jan 25 10:32 .
drwxr-xr-x   53 root     system         4096 Jan 25 10:27 ..
-rw-r--r--    1 jquainta sysadmin          0 Jan 25 10:32 wormtongue
[372][server]:/test2> chown root wormtongue
chown: wormtongue: Operation not permitted.
[373][server]:/test2>
[374][uscobrmfa-at-02]:/test2> mount|grep test
gollum-nas /vol/documentum/jefftest1 /test1           nfs3   Jan 25 10:30
wormtongue-nas /vol/PRTvol01/jefftest1 /test2           nfs3   Jan 25 10:31
[375][uscobrmfa-at-02]:/test2>

and no, the filers don't have any UID/user mapping, the two filers are at the same OS/firmware levels, same /etc/passwd, same exports.

 

[exsnafu]

and oops. after reading the SElinux post with some confusion i realized i posted this to the wrong forum. i meant to post it in AIX.

ah well, i don't see any way to move it.

 

[exsnafu]

and as a final post to this misplaced thread, we found the root cause. I'll post it here because it turns out to affect linux just as easily as AIX(both normally disallow this behavior and many others I suspect also normally only allow root to chown)

on one of the netapp filers we had an option called "options wafl.root_only_chown" enabled. learn something new everyday.

 

[KenCunningham]

Worth a star for completing the picture exsnafu!

The internet - allowing those who don't know what they're talking about to have their say.