Fwd: Re: need help with an rsync patch
Paul Slootman
paul+rsync at wurtel.net
Tue Aug 13 07:51:05 MDT 2013
On Tue 13 Aug 2013, Matthias Schniedermeyer wrote:
>
> I read your sentence differently:
>
> > If he can make a HARD link to the shadow file, then he can already
> > read it - and worse.
>
> My understanding of your sentence says:
> The ability to hardlink, means that anyone can read any file they can
> make a hardlink to.
Then I didn't express myself clearly enough. Again, keep in mind I was
thinking from the perspective of a linux 3.6 and up kernel without any
sys tweaks.
> Having access to the directory entry is not the same as having access to
> the inode. User/group/permission is on the inode NOT the
> directory-entry.
I have access to the inode when I do an "ls -l" of the file :-P
perhaps you mean "modification permissions". Then again, when
hardlinking, I'm changing the link count which is stored in the inode... :)
I'm done here... coming back to the OP's problem: if the backup is made
by root, then a user should not be allowed to access all parts of that
backup. The security problem is there, and not in rsync.
Paul
More information about the rsync
mailing list