Fwd: Re: need help with an rsync patch

Matthias Schniedermeyer ms at citd.de
Tue Aug 13 04:57:15 MDT 2013


On 13.08.2013 12:29, Paul Slootman wrote:
> On Tue 13 Aug 2013, Matthias Schniedermeyer wrote:
> > On 13.08.2013 09:52, Paul Slootman wrote:
> > > On Tue 13 Aug 2013, Sherin A wrote:
> > > 
> > > > But if a user creates a
> > > > hard link to /etc/shadow from his home dir, and he requests a restore,
> > > > then he can read the shadow files and decrypt it.
> > > 
> > > If he can make a HARD link to the shadow file, then he can already read
> > > it - and worse.
> > 
> > No.
> 
> My mistake for assuming that people run current linux kernels...
> 
>     /proc/sys/fs/protected_hardlinks (since Linux 3.6)
> 	When  the value in this file is 0, no restrictions are placed on
> 	the creation of hard links (i.e., this is the historical
> 	behaviour before Linux 3.6).  When the value in this file is 1, a
> 	hard link can be created to a target file only  if  one  of  the
> 	following conditions is true:
> 
> I would suggest that upgrading the kernel is a better solution for the
> OP than patching rsync.  If your backup strategy involves backing up
> files as root to a medium that is readable by everyone so that the link
> in the user's home directory is restorable as the user, then there are
> more problems waiting to happen besides this...

That aside, that's not what I meant.


Hardlinking a file doesn't change its owner/group/permission
(All Hardlinks have the same user/group/permissions).

Even though I CAN:
ln /etc/shadow my_shadow

The file still, in my case, belongs to root with group shadow. So my 
user can't read the file.




-- 

Matthias
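
Added example, not part of the original message or of rsync: a shell script that shows a hard link reporting the same inode, owner, group and mode as its target, reads the `protected_hardlinks` setting quoted above, and lists multiply-linked files in a directory that are not owned by a given uid. The function names are hypothetical and the sample files are constructed in a temporary directory.

```sh
#!/bin/sh
# Added example: function names are hypothetical, sample files are constructed.

# Print "mode uid gid" for a path, using numeric ids from ls -ldn.
meta() { ls -ldn -- "$1" | awk '{print $1, $3, $4}'; }

# Succeed if $1 and $2 are the same inode and report identical metadata.
same_file_same_perms() {
    [ "$1" -ef "$2" ] && [ "$(meta "$1")" = "$(meta "$2")" ]
}

# List regular files under directory $1 that have more than one link and are
# not owned by numeric uid $2: names to review before restoring as that user.
foreign_hardlinks() {
    find "$1" -xdev -type f -links +1 ! -user "$2" -print
}

# Report the sysctl quoted in the thread; the file is absent before Linux 3.6.
protected_hardlinks() {
    cat /proc/sys/fs/protected_hardlinks 2>/dev/null || echo unavailable
}

# Constructed demo: a mode-600 file and a second name for it.
demo() {
    d=$(mktemp -d) || return 1
    echo secret > "$d/target" && chmod 600 "$d/target"
    ln "$d/target" "$d/my_link" || { rm -rf "$d"; return 1; }
    echo "protected_hardlinks: $(protected_hardlinks)"
    echo "target:  $(meta "$d/target")"
    echo "my_link: $(meta "$d/my_link")"
    same_file_same_perms "$d/target" "$d/my_link" && echo "same inode, same owner/group/mode"
    rm -rf "$d"
}

demo
```

Running `foreign_hardlinks /home/USER "$(id -u USER)"` (placeholder path and user) before a restore lists the names that would need review.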

