[rsbac] Take ownership concepts

Amon Ott rsbac@rsbac.org
Wed Nov 13 10:18:01 2002

On Wednesday, 13. November 2002 03:09, Mathew Johnston wrote:
> Is there a way to allow another user to take ownership of a file? I
> think that allowing a 'take ownership' mechanism would be awesome - it
> would mean that an MTA could be written such that it can deliver to home
> directories, and let users take ownership of the files it creates. This
> means no more root privilege for MTAs. Can anyone think of another
> elegant solution to the problem? My premise is that I do not believe
> that a user should EVER impersonate another user to create files in
> their name. Obviously, we'll still need to have chuid, as how else would
> unix work? heh.

What you can do with the RC model is strictly encapsulate the MTA to only write
to the Maildirs / mboxes.

Alternatively, make a script that calls
chown "$(id -ur):" "$(getent passwd "$(id -ur)" | cut -d: -f6)/mbox"
and use the CAP module to give it CAP_CHOWN.
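
A hardened form of the helper script suggested above, as an added example that is not part of the original post: because the script would hold CAP_CHOWN, it checks that ~/mbox is a regular, singly linked file still owned by the MTA account before changing ownership. The function name take_mbox, the --take argument and the dedicated MTA uid are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; take_mbox and its arguments are hypothetical names.
# take_mbox HOME_DIR MTA_UID NEW_OWNER
#   HOME_DIR   home directory taken from passwd, never from $HOME
#   MTA_UID    numeric uid the MTA delivers as (assumed dedicated account)
#   NEW_OWNER  "uid:gid" that receives the file
# Returns 0 after the chown, non-zero when a check refuses the file.
take_mbox() {
    home=$1 mta_uid=$2 new_owner=$3
    mbox="$home/mbox"

    # The user controls the directory entry, so never follow a symlink.
    if [ -L "$mbox" ]; then
        echo "refused: $mbox is a symlink" >&2; return 1
    fi
    # Only an existing regular file qualifies (no directory, device, FIFO).
    if [ ! -f "$mbox" ]; then
        echo "refused: $mbox is not a regular file" >&2; return 1
    fi
    # ls -ldn prints: mode, link count, numeric uid, numeric gid, ...
    read -r _mode links cur_uid _rest <<EOF
$(ls -ldn "$mbox")
EOF
    # A second hard link means the same inode is reachable under another name.
    if [ "$links" -ne 1 ]; then
        echo "refused: $mbox has $links hard links" >&2; return 1
    fi
    # Hand over only what the MTA account itself created.
    if [ "$cur_uid" != "$mta_uid" ]; then
        echo "refused: $mbox is owned by uid $cur_uid" >&2; return 1
    fi
    # -h acts on the entry itself. Check and chown are separate steps, so a
    # short window remains between them; the checks narrow it, not close it.
    chown -h "$new_owner" "$mbox"
}

# Real use: the user runs "script --take MTA_UID"; CAP_CHOWN comes from CAP.
if [ "${1:-}" = "--take" ] && [ -n "${2:-}" ]; then
    home=$(getent passwd "$(id -ur)" | cut -d: -f6)
    [ -n "$home" ] || { echo "no passwd entry" >&2; exit 1; }
    take_mbox "$home" "$2" "$(id -ur):$(id -gr)"
fi
```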