Fwd: Re: need help with an rsync patch
Matthias Schniedermeyer
ms at citd.de
Tue Aug 13 04:57:15 MDT 2013
On 13.08.2013 12:29, Paul Slootman wrote:
> On Tue 13 Aug 2013, Matthias Schniedermeyer wrote:
> > On 13.08.2013 09:52, Paul Slootman wrote:
> > > On Tue 13 Aug 2013, Sherin A wrote:
> > >
> > > > But if a user creates a
> > > > hard link to /etc/shadow from his home dir, and he requests a restore,
> > > > then he can read the shadow files and decrypt it.
> > >
> > > If he can make a HARD link to the shadow file, then he can already read
> > > it - and worse.
> >
> > No.
>
> My mistake for assuming that people run current linux kernels...
>
> /proc/sys/fs/protected_hardlinks (since Linux 3.6)
> When the value in this file is 0, no restrictions are placed on
> the creation of hard links (i.e., this is the historical
> behaviour before Linux 3.6). When the value in this file is 1, a
> hard link can be created to a target file only if one of the
> following conditions is true:
>
> I would suggest that upgrading the kernel is a better solution for the
> OP than patching rsync. If your backup strategy involves backing up
> files as root to a medium that is readable by everyone so that the link
> in the user's home directory is restorable as the user, then there are
> more problems waiting to happen besides this...

That aside, that's not what I meant.

Hardlinking a file doesn't change its owner/group/permission
(all hardlinks have the same user/group/permissions).

Even though I CAN:
ln /etc/shadow my_shadow

The file still, in my case, belongs to root with group shadow. So my
user can't read the file.

--
Matthias
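
The situation discussed in this message can be checked for before a restore is run on a user's behalf. The script below is an added example, not code from this thread or from rsync: it reports the protected_hardlinks setting and lists multiply-linked files in a directory tree that are not owned by the expected user. The function names and the idea of auditing the tree before restoring are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit a home directory for
# hard links to files owned by someone else before restoring it as the user.

# Report the kernel hard link restriction. The sysctl path is a parameter
# so the function can be pointed at a constructed file when testing.
hardlink_protection_status() {
    sysctl_file="${1:-/proc/sys/fs/protected_hardlinks}"
    if [ ! -r "$sysctl_file" ]; then
        echo "unknown"        # kernel older than 3.6, or /proc unavailable
        return 0
    fi
    case "$(cat "$sysctl_file")" in
        1) echo "restricted" ;;
        0) echo "unrestricted" ;;
        *) echo "unknown" ;;
    esac
}

# List regular files under DIR that have more than one hard link and are
# NOT owned by OWNER (user name or numeric uid). A hard link keeps the
# owner, group and mode of its target, so a link to a root-owned file
# placed in a user's home still shows up here as owned by root.
foreign_hardlinks() {
    dir="$1"
    owner="$2"
    find "$dir" -xdev -type f -links +1 ! -user "$owner" -print
}

# Stand-alone use: sh audit.sh <directory> <expected-owner>
if [ "$#" -eq 2 ]; then
    echo "protected_hardlinks: $(hardlink_protection_status)"
    foreign_hardlinks "$1" "$2"
fi
```

Any path this prints is a file whose contents a root-run backup would copy, and which a restore that rewrites ownership to the user would hand over.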