strip setuid/setgid bits on backup (was Re: small security-related rsync extension)

Dan Stromberg strombrg at nis.acs.uci.edu
Fri Jul 19 12:40:01 EST 2002 

On Fri, Jul 19, 2002 at 12:15:01PM -0700, Dan Stromberg wrote:
> > My understanding of sillyrename, from memory and a brief perusal of
> > the kernel source (I don't have Callaghan here), is as follows:
> > 
> > It is a purely client-side behaviour, to handle the fact that Unix
> > files may be still open when unlinked.  This relies on Unix having an
> > in-memory use count, in addition to the on-disk link count.  The
> > problem is that the NFS server may reboot while the client has the
> > file open, therefore losing its in-memory use count, and causing the
> > file data to be garbage-collected by fsck.  As a workaround, deletes
> > or link-replacement on the client for a file still in use are handled
> > by moving that file to a temporary name, so that from the
> > point-of-view of other clients the file has gone.  When the use count
> > drops to zero, the client removes the .nfs file.  If the client
> > crashes or the net is partitioned before the use count goes to zero,
> > then the .nfs file may remain indefinitely, which is why you need a
> > reaper run from cron.
> > 
> > If this is wrong please explain how.
> > 
> > This is, incidentally, a much better solution for replacing in-use
> > files than rsync's backups, because it only affects in-use files, and
> > they are gc'd when no longer in use.  Replacing local files and
> > letting the kernel handle it is even better, because it can never
> > leak.
> 
> 1) This is an interesting, but quite irrelevant implementation detail
> with respect to the subject matter at hand.  If you like, I can now tell
> you something you didn't know.  Maybe I'll score some points.  I'll make
> sure it's irrelevant, too.

Many apologies.  If we update on the nfs server, as we've intended all
along, we should have no .nfs* files.

This really doesn't change the fact that rsync shouldn't violate the
principle of least surprise, however.

-- 
Dan Stromberg                                               UCI/NACS/DCS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20020719/ab7badb2/attachment.bin

More information about the rsync mailing list