Fwd: Re: need help with an rsync patch

Paul Slootman paul+rsync at wurtel.net
Tue Aug 13 04:29:04 MDT 2013

On Tue 13 Aug 2013, Matthias Schniedermeyer wrote:
> On 13.08.2013 09:52, Paul Slootman wrote:
> > On Tue 13 Aug 2013, Sherin A wrote:
> > 
> > > But if a user create  a
> > > hard link to /etc/shadow from his home dir , and he request a restore ,
> > > then he can read the shadow files and decrypt it .
> > 
> > If he can make a HARD link to the shadow file, then he can already read
> > it - and worse.
> No.

My mistake for assuming that people run current linux kernels...

    /proc/sys/fs/protected_hardlinks (since Linux 3.6)
	When  the value in this file is 0, no restrictions are placed on
	the creation of hard links (i.e., this is the historical  behav‐
	iour  before  Linux  3.6).   When the value in this file is 1, a
	hard link can be created to a target file only  if  one  of  the
	following conditions is true:

I would suggest that upgrading the kernel is a better solution for the
OP than patching rsync.  If your backup strategy involves backuping up
files as root to a medium that is readable by everyone so that the link
in the user's home directory is restorable as the user, then there are
more problems waiting to happen besides this...


More information about the rsync mailing list