{"id":866,"date":"2015-03-26T05:57:59","date_gmt":"2015-03-26T12:57:59","guid":{"rendered":"http:\/\/blog.ls-al.com\/?p=866"},"modified":"2015-03-26T05:57:59","modified_gmt":"2015-03-26T12:57:59","slug":"solaris-change-file-ownership-as-non-root-account","status":"publish","type":"post","link":"https:\/\/blog.ls-al.com\/solaris-change-file-ownership-as-non-root-account\/","title":{"rendered":"Solaris Change File Ownership as non root Account"},"content":{"rendered":"

If you have a process running as non root or just need to enable a normal user to take ownership of files they don't own this is what you need to do.<\/p>\n

My first attempt was changing a file that was owned by root. That is not what I needed but as shown here that requires a privilege called \"ALL\".<\/p>\n

 \r\n$ ppriv -De chown ebs_a \/tmp\/file1.txt\r\nchown[999]: missing privilege "ALL" (euid = 304, syscall = 16) needed at tmp_setattr+0x60\r\nchown: \/tmp\/file1.txt: Not owner\r\n<\/pre>\n
This attempt is to change a file owned by nobody and that is what my process will be requiring.<\/p>\n
\r\n$ ppriv -De chown ebs_a \/tmp\/file1.txt\r\nchown[1034]: missing privilege "file_chown" (euid = 304, syscall = 16) needed at tmp_setattr+0x60\r\nchown: \/tmp\/file1.txt: Not owner\r\n<\/pre>\n
So as shown above we needed file_chown.  I am adding that privilege as below.  You will note I have some other permissions already added for different requirements.<\/p>\n
\r\n# grep ^ebs_a  \/etc\/user_attr\r\nebs_a::::type=normal;defaultpriv=basic,sys_mount,sys_nfs,net_privaddr,file_chown;auths=solaris.smf.manage.xvfb,solaris.smf.value.xvfb\r\n<\/pre>\n
Ok now we try again and it worked.<\/p>\n
\r\n# su - ebs_a\r\n[..]\r\n$ ppriv -De chown ebs_a \/tmp\/file1.txt\r\n\r\n$ ls -l \/tmp\/file1.txt\r\n-rw-r--r--   1 ebs_a root           0 Mar 25 06:24 \/tmp\/file1.txt\r\n<\/pre>\n
And of course you don't need to use ppriv now just simply chown and it should work.<\/p>\n","protected":false},"excerpt":{"rendered":"
If you have a process running as non root or just need to enable a normal user to take ownership<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":["post-866","post","type-post","status-publish","format-standard","hentry","category-solaris"],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=866"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/866\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=866"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=866"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}