3

I am controlling two user accounts on a machine where I am not root. Is it possible to "give away" some files from one account to another?

Rationale: I setup a bare git repo on the machine as the origin repo. Now, I want to have the files in that repo owned by the user "git" rather than my personal account. In this particular case, I could probably also clone a copy as "git", delete the bare repo and put the clone (which would need to made bare) at that place. Despite this being tedious, I'd be interested in the answer out of general curiosity.

Rolf
  • 902
  • The answer is going to be OS dependent. In the past, I have come across Unix systems on which the owner of a file was allowed to change the owner of the file to be anything. Of course after making that change, they couldn't make any further changes. – kasperd Feb 16 '15 at 17:12
  • With git repositories there are usually better approaches than changing owner of files. But the question is still a relevant one in general. My initial approach would be to run a setuid executable with access to run as either the old or the new owner. With the setresuid system call it is then possible to chose between all the different ways the two uid can be mixed. Alas it appears that on the Linux system where I am testing, none of the combinations will allow me to perform the chown system call. – kasperd Feb 16 '15 at 17:48

2 Answers2

0

You need to be root user to change (give away or take up) file/directory ownership.

Arul
  • 885
  • 7
  • 8
0

You can use ACLs to grant permission for files in your home directory to another user. And the command to set ACL is setfacl.

Say the accounts you control are john and smith. Now, if want smith to have full access to files john's home directory, then he can run the setfacl command as john with these options:

setfacl -R -m u:smith:rwx /home/john

The above setfacl command will provide the user smith full access to the home directory of john . This command has to be executed by the owner of the directory to whom the access is being opened to (john in this case) or root .

You can modify the permissions or the directory name or tell the setfacl command whether the access has to be given to a user or a group. For example:

setfacl -m u:smith:rx /home/john

The above command will give the user smith only read-only access to /home/john. 

[sreeraj@server ~]$ setfacl -m u:soum:rwx /home/sreeraj

On the same server:

[soum@server ~]$ cd /home/sreeraj
[soum@server sreeraj]$ touch file_by_soum
[soum@server sreeraj]$ ll file_by_soum
-rw-rw-r-- 1 soum soum 0 फ़रवरी 16 16:27 file_by_soum
[soum@server sreeraj]$

From the man page of setfacl:

EXAMPLES
       Granting an additional user read access
              setfacl -m u:lisa:r file

       Revoking write access from all groups and all named users (using the effective rights mask)
              setfacl -m m::rx file

       Removing a named group entry from a file's ACL
              setfacl -x g:staff file

       Copying the ACL of one file to another
              getfacl file1 | setfacl --set-file=- file2

       Copying the access ACL into the Default ACL
              getfacl --access dir | setfacl -d -M- dir
Sreeraj
  • 5,062
  • I solved the issue for the git repo with the sysadmin but I tried out your solution on another folder and it works. ls -al yields a little + next the access rights which I guess indicates this. Thanks! – Rolf Feb 17 '15 at 12:52