On 13.08.2013 12:29, Paul Slootman wrote: > On Tue 13 Aug 2013, Matthias Schniedermeyer wrote: > > On 13.08.2013 09:52, Paul Slootman wrote: > > > On Tue 13 Aug 2013, Sherin A wrote: > > > > > > > But if a user create a > > > > hard link to /etc/shadow from his home dir , and he request a restore , > > > > then he can read the shadow files and decrypt it . > > > > > > If he can make a HARD link to the shadow file, then he can already read > > > it - and worse. > > > > No. > > My mistake for assuming that people run current linux kernels... > > /proc/sys/fs/protected_hardlinks (since Linux 3.6) > When the value in this file is 0, no restrictions are placed on > the creation of hard links (i.e., this is the historical behav??? > iour before Linux 3.6). When the value in this file is 1, a > hard link can be created to a target file only if one of the > following conditions is true: > > I would suggest that upgrading the kernel is a better solution for the > OP than patching rsync. If your backup strategy involves backuping up > files as root to a medium that is readable by everyone so that the link > in the user's home directory is restorable as the user, then there are > more problems waiting to happen besides this...
That aside that's not what i meant. Hardlinking a file doesn't change it's owner/group/permission (All Hardlinks have the same user/group/permissions). Even though i CAN: ln /etc/shadow my_shadow The file still, in my case, belongs to root with group shadow. So my user can't read the file. -- Matthias -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html