Adam Goryachev wrote:
> Johan Ehnberg wrote:
> 
>> File permissions work that way - you either need to be root or need to 
>> set access to the files (see 'man chown' and 'man chmod'). For secret 
>> files, such as cryptographic keys, it is not at all feasible to use 
>> loose permissions, which again brings us back to the need for root access.
> 
> BTW, not likely relevant in this specific case, but root can't access
> all files... damn, in trying to prove this to myself, I noticed it
> didn't work. However, I seem to recall that it was possible to deny root
> access to files by making either the owner/group root, and then setting
> permissions for owner/group to 0. Something like:
> 
> echo test > /tmp/test
> chown user.root /tmp/test
> chmod 600 /tmp/test
> 
> Since root has group permissions (root==root) then it would look to the
> group permissions to see if I can access the file. group perms are 0, so
> I would get a perm denied.
> 
> However, my quick test just now didn't work out like that.... can anyone
> confirm if this was only valid in older versions of Linux, or suggest
> cases where it is valid?
> 
> BTW, this case is valid, and can work to deny access to a normal user..
> maybe:
> 
> echo test > /tmp/test
> chown usera.groupa /tmp/test
> chmod 604 /tmp/test
> 
> Now anyone who is not usera AND is a member of groupa cannot read the
> file, anyone else can read the file....
> 
> ad...@adamg-laptop:/tmp$ ls -l /tmp/test
> -rw----r-- 1 root adamg 15 2008-12-20 00:48 /tmp/test
> ad...@adamg-laptop:/tmp$ id
> uid=1000(adamg) gid=1000(adamg) groups=1000(adamg)
> ad...@adamg-laptop:/tmp$ cat test
> cat: test: Permission denied
> 
> 
> Regards,
> Adam

Hi Adam!

You are right about root not being perfectly omnipotent. Here's one 
quite different case which I see in my logs all the time:

Remote[1]: rsync: readlink "/home/johan/.gvfs" failed: Permission denied (13)

'ls -la' gives (note the size!)
dr-x------  2 johan johan      0 2008-12-19 14:39 .gvfs

'sudo ls -la' gives
d?????????  ? ?     ?          ?                ? .gvfs

In my setup, there are no other files on a "normal" system that will not 
be backed up (when sane excludes are used).

Best regards,
Johan
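
Added example, not part of the original thread: a small Python model of the mode-bit check the two messages discuss, in which exactly one class (owner, then group, then other) is consulted and a process holding CAP_DAC_OVERRIDE bypasses the read/write bits. The uid/gid numbers are constructed, and treating uid 0 as holding that capability is an assumption.

```python
READ, WRITE, EXEC = 4, 2, 1

def select_class(mode, f_uid, f_gid, uid, gids):
    """Pick the one permission class that applies: owner, else group, else other.
    The first match wins; there is no fall-through to a more permissive class."""
    if uid == f_uid:
        return "owner", (mode >> 6) & 7
    if f_gid in gids:
        return "group", (mode >> 3) & 7
    return "other", mode & 7

def access_allowed(mode, f_uid, f_gid, uid, gids, want=READ, is_dir=False):
    """Mode-bit decision only. Not modelled: ACLs, LSMs, user namespaces, and
    filesystem-level refusals such as a FUSE mount that rejects other users."""
    if uid == 0:  # assumption: uid 0 holds CAP_DAC_OVERRIDE
        if want & EXEC and not is_dir:
            return bool(mode & 0o111)  # exec on a regular file needs some x bit
        return True
    _, bits = select_class(mode, f_uid, f_gid, uid, gids)
    return (bits & want) == want

# Constructed ids standing in for the accounts named in the thread.
ROOT, USERA, USERB, USERC, GROUPA = 0, 1001, 1002, 1003, 2000

def thread_cases():
    return {
        # chown user.root + chmod 600: root lands in "group" (bits 0),
        # but the capability override still grants the read.
        "root_class_600": select_class(0o600, USERA, 0, ROOT, {0}),
        "root_reads_600": access_allowed(0o600, USERA, 0, ROOT, {0}),
        # chown usera.groupa + chmod 604
        "owner_604": access_allowed(0o604, USERA, GROUPA, USERA, {USERA}),
        "group_member_604": access_allowed(0o604, USERA, GROUPA, USERB, {1002, GROUPA}),
        "outsider_604": access_allowed(0o604, USERA, GROUPA, USERC, {1003}),
        # the ls -l listing: root:adamg mode 604, caller uid=1000 gid=1000
        "adamg_listing": access_allowed(0o604, ROOT, 1000, 1000, {1000}),
    }

if __name__ == "__main__":
    for name, result in thread_cases().items():
        print(f"{name}: {result}")
```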
