Re: [gentoo-dev] Requirements for UID/GID management

[Patrick McLean <chutzpah@gentoo.org>]

On Mon, 30 Jan 2017 11:29:02 -0500
Michael Orlitzky <mjo@gentoo.org> wrote:

> On 01/30/2017 09:25 AM, Alan McKinnon wrote:
> >>
> >> Any user can create a hard link in its home directory
> >> to /etc/shadow, so long as (a) they live on the same filesystem,
> >> and (b) there are no special kernel protections in place to
> >> prevent it. If you call chown on that hard link, it will change
> >> the ownership of /etc/shadow.  
> > 
> > That is absolutely not true, at least for the case of classic Unix
> > filesystems.
> > 
> > ...
> > 
> > I cannot chmod, chown or chgrp
> > /etc/shadow because I do not own it, and the kernel will not let me
> > ln it either:
> > 
> > alan@khamul /alan $ ln /etc/shadow
> > ln: failed to create hard link './shadow' => '/etc/shadow':
> > Operation not permitted
> >   
> 
> You have the fs.protected_hardlinks sysctl enabled. We patch that in
> gentoo-sources, but it's off by default in vanilla-sources. Try again
> with it disabled (and don't forget to turn it back on). Once the hard
> link has been created, a "chown -R foo /alan" or the equivalent "find
> ..." command will change the ownership of /etc/shadow.
> 
> 

No, that is also enabled by default on vanilla kernels, I just verified
on my machine running a vanilla kernel. It doesn't matter anyway, since
the permissions and ownership information is stored in the inode, not
the dentry so all hardlinks have exactly the same permissions.