Fwd: Re: need help with an rsync patch

Paul Slootman paul+rsync at wurtel.net
Tue Aug 13 04:29:04 MDT 2013


On Tue 13 Aug 2013, Matthias Schniedermeyer wrote:
> On 13.08.2013 09:52, Paul Slootman wrote:
> > On Tue 13 Aug 2013, Sherin A wrote:
> > 
> > > But if a user creates a
> > > hard link to /etc/shadow from his home dir, and he requests a restore,
> > > then he can read the shadow files and decrypt it.
> > 
> > If he can make a HARD link to the shadow file, then he can already read
> > it - and worse.
> 
> No.

My mistake for assuming that people run current Linux kernels...

    /proc/sys/fs/protected_hardlinks (since Linux 3.6)
        When the value in this file is 0, no restrictions are placed on
        the creation of hard links (i.e., this is the historical
        behaviour before Linux 3.6).  When the value in this file is 1, a
        hard link can be created to a target file only if one of the
        following conditions is true:

I would suggest that upgrading the kernel is a better solution for the
OP than patching rsync.  If your backup strategy involves backing up
files as root to a medium that is readable by everyone so that the link
in the user's home directory is restorable as the user, then there are
more problems waiting to happen besides this...


Paul
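
An added example, not part of the original message or of rsync: a Python check an administrator could run over a home directory before backing it up as root. It reports the `protected_hardlinks` setting and lists multiply-linked regular files not owned by the directory's user. The function names and the constructed sample tree in `demo()` are assumptions made for this illustration.

```python
import os
import stat
import tempfile

SYSCTL = "/proc/sys/fs/protected_hardlinks"


def protected_hardlinks(path=SYSCTL):
    """Return the sysctl value (0 or 1), or None when the file is absent,
    as on kernels older than 3.6."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (FileNotFoundError, ValueError):
        return None


def foreign_hardlinks(root, owner_uid):
    """Yield (path, uid, nlink) for regular files under root that have more
    than one link and are not owned by owner_uid. lstat() is used so that
    symbolic links are never followed."""
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            if (stat.S_ISREG(st.st_mode) and st.st_nlink > 1
                    and st.st_uid != owner_uid):
                yield path, st.st_uid, st.st_nlink


def demo():
    """Constructed sample tree: 'home' holds a hard link to a file that lives
    outside it. Passing a uid other than ours makes that file count as foreign."""
    with tempfile.TemporaryDirectory() as top:
        home, other = os.path.join(top, "home"), os.path.join(top, "other")
        os.mkdir(home)
        os.mkdir(other)
        target = os.path.join(other, "target")
        open(target, "w").close()
        os.link(target, os.path.join(home, "link"))
        return [(os.path.basename(p), n)
                for p, _uid, n in foreign_hardlinks(home, os.getuid() + 1)]


if __name__ == "__main__":
    print("protected_hardlinks =", protected_hardlinks())
    print("flagged in sample tree:", demo())
```

A flagged path is a candidate to exclude from the backup or to review by hand before any restore is handed back to the user.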

