> On Mon, 20 May 2002, Michael Hoennig wrote:
>
> > Why do you ignore my example? In my example the use who runs the webserver
> > owns all the files, that is wrong. With the suid bit on directories, this
> > could be fixed.
>
> CAP_FCHOWN would appear to accomplish what you need (with the bonus of
> already existing in modern linux kernels)... the webserver should be able
> to chown away a file if it's given this capability.
This is a useful point, but doesn't address the intent of the original
proposal. The solution you propose gives VERY powerful capabilities to a
process, and if I undestand how it works gives them in every directory.
By putting them on a single directory like setgid, you allow any tool to
operate on files in the directory, given that the process has directory
access to do so. Think "groupware" and people working on a project.
Both are useful, of course, but they are NOT alternative solutions to the
same problem, but solutions to two problems.
-- bill davidsen <davidsen@tmr.com> CTO, TMR Associates, Inc Doing interesting things with little computers since 1979.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/