Touch - changing date and time

Hi,

I am facing a problem with the command - TOUCH on Linux.

See the example below:

File on Linux: rw-rw-r-- user1 user1 Jan 01 09:00 test.txt

The file - test.txt was created by the user - user1.

Now, I want to change the date and time, but using another user - user2.

The user2 belongs to the same user1 group.

If the command: touch -c -t 201501091030 test.txt - is issued, I have been receiving an error that the operation is not permitted.

However, if I use the command: touch -t 201501091030 xxx.txt, in the same directory, the file xxx.txt is created.

Does anyone know if the touch command is not allowed to change any information from another user, even if it is the same group?

Does anyone know how to solve it?

Tks.

Can you verify that? Run groups as user2. Remember that adding a user to a group only takes effect if they re-login.

It looks like it ought to work to me.

Hi Corona688,

Yes, and user2 belongs to the same group as user1.

If I use just the command: touch -c test.txt, it works - the current date/time is set, but with any other date/time, it didn't work.

If it is not possible, I would like to know if anyone knows a workaround for this problem.

tks.

---------- Post updated at 11:47 AM ---------- Previous update was at 11:38 AM ----------

Hi,

I was looking for more information about this issue and I found the page "linux - Change file time (touch)" on Stack Overflow. The problem is the same; however, it seems that there is no solution:

"On Linux you must be the file owner (or root) to change the modification time to a time other than the current time. There are some other restrictions as well. man utime for complete details."

Even so, I am still looking for a workaround for it.

Tks.

---------- Post updated at 11:52 AM ---------- Previous update was at 11:47 AM ----------

BTW, the file needs to remain with the same owner; I cannot change the owner of the file.

Interesting. I did not know that.

Doing it as another user without permissions would be a "bug" or "security hole", not a workaround. You'll just have to arrange for it to be done as a different user. You could use sudo.

In sudoers:

%user1 ALL=(user1) NOPASSWD:  /path/to/update-time.sh

# % means 'group user1'.  If you only wanted user2 in particular to
# be able to do so, use this instead.
# user2 ALL=(user1) NOPASSWD: /path/to/update-time.sh

In update-time.sh:

#!/bin/sh

NEWUSER="user1"
ALLOW="/path/to/folder"

if [ "$#" -ne 2 ]
then
        echo "Must be run with exactly two parameters, time and file" >&2
        echo "like $0 201501091030 test.txt" >&2
        exit 1
fi

# If we're not $NEWUSER already, quit and reload from the beginning as $NEWUSER
[ "$USER" = "$NEWUSER" ] || exec sudo -u "$NEWUSER" "$0" "$@"

# $2 is the filename.  Convert relative paths to absolute ones,
# so we can check if they're inside /path/to/folder.
case "$2" in
/*) FILE_LOCATION="$2" ;;
*)  FILE_LOCATION="${PWD}/$2" ;;
esac

case "$FILE_LOCATION" in
# Refuse ".." components: a path such as $ALLOW/../other/file would
# still match the prefix test below while pointing outside $ALLOW.
*/../*|*/..)
        echo "'..' is not allowed in the file path" >&2
        exit 1
        ;;
# $ALLOW is quoted so it is compared literally, not as a glob pattern.
"$ALLOW"/*)
        touch -c -t "$1" "$FILE_LOCATION"
        ;;
*)
        echo "you are only allowed to update files inside the $ALLOW folder" >&2
        exit 1
        ;;
esac

This will allow user2 to run /path/to/update-time.sh 201501091030 file.txt to update the time of files inside the /path/to/folder directory, and nowhere else.

Hi Corona688,

Thank you for providing me this code, but the problem is that I never know who is the user, because it could be anyone, it is not a specific user. Besides this, the folder where the file is, it could be anyone as well.

Think this:

userX is running the application on Linux. This application sends to Linux the command: touch -c -t 201501091010 /xxx/yyy/zzz/file.txt.

For the example above, I build on Linux application the date/time, the folder and the filename.

As this script is executed by the application, I thought that this script could run under root and the touch command would be executed as well. I am not sure if it is possible for a script to be executed as root via sudoers.

Would it be possible? What would the script and the changes to sudoers look like?

tks.

Read it more carefully please. sudo will allow anyone in the group user1 to touch user1's files.

If anyone not in the user1 group tries to use the script, sudo will refuse it.

If the file in question does not actually belong to the user user1, touch will refuse it.

Do you mean anyone or anywhere?

If you're content with anyone in the user1 group being able to set dates on any one of user1's files, you can rip out my error checking in a quarter-second.

Never never never.

Any bugs in the script, etc can only do as much damage as the user it runs under.

If you have no reason to run it as root, never run it as root.

It is possible. I just showed you how to do it.

I showed you an example script and the necessary changes to sudoers.

In your script, user1 is a static user. As the file could be created by anyone, how do I change it to be according to the file owner?

Anywhere, sorry....

I don't need to run as root; the idea is to use root instead of any other user, just to make the process easy, because anyone could run the touch command, and the file owner could be anyone as well. Besides this, I cannot change the owner.

So, if you can provide me with another option, I would appreciate it a lot.

tks.

Who do you want to be able to do this? Not just anyone should be able to. There must be reasons this is restricted, it shouldn't be done in a way that allows anyone to do so. Would making a group of users who're allowed to use this tool be okay?

Hi,

The application handles some things, and all users allowed to run the application should be able to change the date and time. So, when the file is created, the owner is one, but I need to update the date and time, according to some rules in the application, and the solution was to use the touch command. Note: everyone that is allowed to run the application belongs to the same group.

user1 - group app1
user2 - group app1

The process:

user1 creates a file - xxx.txt, today - 20150109 10:10....

Tomorrow, user2, running the application, for example, accesses the file xxx.txt through the application, so, for my control and my reasons, I need to change the date and time. Note: if user1 tries to read the file xxx.txt, it works - the touch command - because the owner is the same.

Today, the application issues the touch command with 2 parameters: the date/time and the folder+filename (parameters: 201501100830 /xxx/yyy/zzz/xxx.txt). The final command is: touch -c -t 201501100830 /xxx/yyy/zzz/xxx.txt

If the solution is to run as root, I will need to do it. Of course, if there is another way to do it, and with safety, I would like to know.

One way to use your script, considering a dynamic user, is for the application to read the owner first and, instead of using the touch command, use your script with 3 parameters: the owner, the date/time and the folder+filename.

Would it be a solution? With the sudo statement in your script, would the password be requested? If so, it would not be the solution. I need to avoid any interactive session.

If I understood the idea of your script, the folder where the script is stored will always be the same, but the folder and the filename where the date/time will be changed will not.

Please, let me know if it is clear and if there would be a solution for me.

tks.

Okay. That helps a lot. Just be sure to take a good look at what's inside the 'app1' group. You don't want people to be able to touch root's timestamps, etc. You may find a few users you should specifically prevent them from running as.

# sudoers file

%app1 ALL=(%app1) NOPASSWD:  /path/to/update-time.sh

This would allow anyone in the app1 group to run /path/to/update-time.sh as any other user in the app1 group. Still no need to risk giving anyone root.

So:

#!/bin/sh

if [ "$#" -ne 2 ]
then
        echo "Usage:  $0 timestamp filename" >&2
        exit 1
fi

if ! [ -e "$2" ]
then
        echo "File $1 does not exist" >&2
        exit 1
fi

# Can also use 'stat' to get this on some systems
NEWUSER="$(ls -l "$1" | awk '{ print $3 }' )"

# If we are not the owner of the file, restart this script from the beginning
# as $NEWUSER via sudo.
[ "$USER" = "$NEWUSER" ] || exec sudo -u "$NEWUSER" "$0" "$@"

# Touch the file with an arbitrary timestamp.
touch -c -t "$1" "$2"

Hi Corona688,

thank you very much for the code.

I am not an expert on Linux and script, so, could you please explain better the statements above? I am not sure what I need to do when you say: restart this script from the beginning as $NEWUSER via sudo.

I thought that the script should be executed at once, no matter the owner. Even if I need to execute the script again, how do I execute the script with sudo? Just as a reminder, the application will send the script execution to Linux, and the execution needs to happen at once - there is no interactive session to execute the script. I am not able to send 2 commands to Linux, just 1.

What happens if I always consider that the user/owner is different and sudo is always executed (even if the owner could be the user)?

tks.

Hi Corona688,

I have tested the code, and it worked, and I did not need to change/start when the user is not the owner. Perfect!!!. I just had to adjust part of the code below, because I assumed that the Parm 1 is the date and Parm 2 is the folder/file.

TO:

Thank you very much for the assistance on this issue.

That exec line is a convenience thing so the user can run /path/to/script.sh instead of sudo -u username /path/to/script.sh. If the user is different, it runs sudo -u username /path/to/script for them. $0 is "/path/to/script.sh" so I don't have to hardcode what the script is named. "$@" is "all arguments, properly quoted". exec means "replace the current script with the command I'm running now" so all the lines below are ignored when the user is wrong.

Sorry about the bug, you've got it figured out.

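A hardened variant of the owner-following wrapper from this thread, added here as an example and not code posted by any participant. It validates the timestamp before it reaches touch, refuses symlinks, and refuses to re-run as low-numbered (system) owners such as root. The function names, the MIN_UID threshold and the installed name update-time.sh are assumptions, and GNU stat and readlink are assumed.

```shell
#!/bin/sh
# Added example: hardened variant of the thread's update-time.sh (GNU stat/readlink assumed).
MIN_UID=1000   # assumption: owners below this UID are system accounts, never a sudo target

# Accept only touch -t's numeric form [[CC]YY]MMDDhhmm[.ss], so the argument
# cannot smuggle in options or other syntax.
valid_stamp() {
    case "$1" in
        *.*) n=${1%%.*}
             case "${1#*.}" in [0-9][0-9]) ;; *) return 1 ;; esac ;;
        *)   n=$1 ;;
    esac
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
    case "${#n}" in 8|10|12) return 0 ;; *) return 1 ;; esac
}

# Print the canonical path of an existing regular file; symlinks are refused so
# the owner lookup and the touch act on the same object.
safe_target() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    readlink -f -- "$1"
}

# Print the file owner's name, or fail if policy forbids running as that owner.
allowed_owner() {
    uid=$(stat -c '%u' -- "$1") || return 1
    [ "$uid" -ge "$MIN_UID" ] || return 1
    stat -c '%U' -- "$1"
}

main() {
    [ "$#" -eq 2 ] || { echo "Usage: $0 timestamp filename" >&2; return 2; }
    valid_stamp "$1" || { echo "bad timestamp: $1" >&2; return 2; }
    file=$(safe_target "$2") || { echo "not a regular file: $2" >&2; return 1; }
    owner=$(allowed_owner "$file") || { echo "owner of $file is not permitted" >&2; return 1; }
    if [ "$(id -u)" != "$(stat -c '%u' -- "$file")" ]; then
        # Re-run as the owner, non-interactively; the sudoers rule from the
        # thread (%app1 ALL=(%app1) NOPASSWD: ...) decides whether this is allowed.
        exec sudo -n -u "$owner" -- "$0" "$1" "$file"
    fi
    touch -c -t "$1" -- "$file"
}

# Run only when installed under its real name, so the functions can be tested separately.
case "${0##*/}" in update-time.sh) main "$@" ;; esac
```

A small window remains between the owner lookup and the touch in which the file could be replaced; because the final touch runs as the file's owner and not as root, a swap can at most affect files that owner already controls.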