Chris Siebenmann with another interesting look at a tiny detail of UNIX history.
A few years ago I wrote about the divide in chown() about who got to give away files, where BSD and V7 were on one side, restricting it to root, while System III and System V were on the other, allowing the owner to give them away too.
[….]The answer is that the restriction was added in V6, where the V6 chown(2) manual page has the same wording as V7. In Research Unix V5 and earlier, people can chown(2) away their own files; this is documented in the V4 chown(2) manual page and is what the V5 kernel code for chown() does. This behavior runs all the way back to the V1 chown() manual page, with an extra restriction that you can’t chown() setuid files.
↫ Chris Siebenmann
The deeper levels of this particular rabbit hole need more exploring, though, as eventually Siebenmann hits a roadblock when trying to figure out why, exactly, the restriction was added, and why certain versions chose to not adopt the new restriction. This may be part of the lore of UNIX we won’t uncover, until one of the people involved speaks up.
This feels like a security feature. When you think about it, it makes sense in a lot of ways. Why didn’t it catch on though? Probably the trade-offs were not worth it for some vendors.
For example, when paired with “setuid”, it could allow running executables as another user. Of course there are safeguards against this. But this would prevent that even if those safeguards were to fail.
Or… someone could bypass quota restrictions by “donating” their files to another user.
Linux for example, as far as I know, does not offer a mechanism for non-root users to do this. These 2 were just obvious examples. There would be many more that makes allowing “chown” by users a problem. (You can chgrp, though)