Linux & NFS: Atomic compare-and-exchange of file ownership

Question

My IT department made an error and chowned every file on the filesystem to root:OurGroup. Then their automatic backup (i.e. .snapshop) system created a snapshot, so we no longer have a reference of what the permissions were before.

I'm trying to work with them to make a script which will have the set-uid bit set and owned by root that users can call to re-chown files/directories back to them as needed.

I'm anticipating that they won't want a script that'll chown just anything to them, but may instead be willing to create a new user, chown everything to that user, then have a script users can call which will own chown files to them if it's owned by this other user.

However, to avoid race conditions, I want to find a way to chown if-and-only-if the file is owned by this users. There's a race condition here though: if I do this in two separate calls and two users run this script on a file at the same time, it can cause collisions. Instead I'd like to "change owner if the owner is user" in one call, instead of "if owner is user" followed by "change owner"

Is there an atomic compare-and-exchange primitive for file ownership?

Answer 1

However, to avoid race conditions, I want to find a way to chown if-and-only-if the file is owned by this users. There's a race condition here though: if I do this in two separate calls and two users run this script on a file at the same time, it can cause collisions. Instead I'd like to "change owner if the owner is user" in one call, instead of "if owner is user" followed by "change owner"

You seem to imply that once ownership for a file has changed from root:OurGroup to something more sane such as user1:department-name a second user should not be able to change ownership again from user1:department-name to user2:some-team.

That is not really the problem though...

The problem is not two users running the script at the same time or executing chown commands shortly after another or concurrently, the problem is much more difficult:
How are you going to resolve conflicts when multiple users claim ownership of the same file or directory?

Imagine that the first user that runs your scrip simply selects every file and directory...

Is your problem resolved when all files transition from root:OurGroup as the UID:GID to user1:department-name and will ownership then have been restored correctly?
And should the subsequent run from user2 that only wants to own <path>/Department-Name/User1's files/* be denied?

---

As @Lacek mentioned - your best bet is to use an older backup as the template for the ownership of any files that still exist in the current file system and only focus newly created files that don't exist in the back-up. (First level approach give those files the same owner as the enclosing directory).

The chmod as well as the chown command support a --reference flag. You can point to an existing file from your back-up location and chown will use owner and group of that reference file/directory rather than having to specify OWNER:GROUP values directly, i.e. something on the lines of:

cd /old-backup-of-nfs-share/
find . -exec chmod -v --reference='{}' /current-nfs-mount/'{}' \;

Answer 2

There is no such thing in shell, but you can emulate it with flock (see this Stackoverflow entry)

However, as Sven pointed out, you'll have to use sudo for chowning the files, since setuid bits are ignored on scripts.

Also, it may be a better idea to restore an earlier backup, and check the permissions there. It would probably cover most of the files you want to work with, and it seems to be a more accurate way to restore ownership than leaving the guesswork to users.