public inbox for gentoo-dev@lists.gentoo.org
From: Alan McKinnon <alan.mckinnon@gmail.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Requirements for UID/GID management
Date: Mon, 30 Jan 2017 16:25:56 +0200	[thread overview]
Message-ID: <8bfa7182-7a02-7ecb-42d1-37c2d130f586@gmail.com> (raw)
In-Reply-To: <8eb6fc27-8504-ad7d-7ad1-7272da662178@gentoo.org>

On 30/01/2017 01:04, Michael Orlitzky wrote:
> On 01/29/2017 05:30 PM, Alan McKinnon wrote:
>>
>> Good catch with symlinks.
>> I don't see the point about hardlinks, they are just files with 2
>> dentries. When find gets to the second one it's already changed, so no
>> problem.
>>
> 
> Any user can create a hard link in its home directory to /etc/shadow, so
> long as (a) they live on the same filesystem, and (b) there are no
> special kernel protections in place to prevent it. If you call chown on
> that hard link, it will change the ownership of /etc/shadow.

That is absolutely not true, at least for the case of classic Unix
filesystems.

Hardlinks are exactly the same thing as regular files. For any given
filesystem object there is a dentry, and that dentry points to an inode.
Usually that is the end of the matter.

When we create hardlinked files all we are doing is creating a new dentry
and pointing it to an inode that is already there. The so-called
"hardlinked" file is a fiction; the instant you do it the new dentry
operates just like any other file and is not even aware of other
dentries pointing to the same inode.

The point being, there is only one inode, and that is where the
ownerships and permissions are. I cannot chmod, chown or chgrp
/etc/shadow because I do not own it, and the kernel will not let me ln
it either:

alan@khamul /alan $ ls -ald /alan/
drwxr-xr-x 2 alan root 4096 Jan 30 16:10 /alan/
alan@khamul /alan $ ln /etc/shadow
ln: failed to create hard link './shadow' => '/etc/shadow': Operation not permitted
alan@khamul /alan $ ls -al /etc/shadow
-rw-r----- 1 root root 1655 Dec 31 14:43 /etc/shadow
alan@khamul /alan $ stat /etc/shadow
  File: /etc/shadow
  Size: 1655            Blocks: 8          IO Block: 4096   regular file
Device: 815h/2069d      Inode: 1188230     Links: 1
Access: (0640/-rw-r-----)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2016-12-31 14:43:29.556174143 +0200
Modify: 2016-12-31 14:43:29.556174143 +0200
Change: 2016-12-31 14:43:29.568174144 +0200
 Birth: -

The only thing I can do after hardlinking a file is what I could do before.

> I thought real hard about ways to avoid that and ultimately gave up. The
> only safe way to chown is to "chown away"; that is, switch to the guy
> who owns the files, and then give them to someone else.

This is also not true.

Only root can chown the owner of a file, and a regular user cannot give
files away. The only ownership action a user can do on a file is chgrp,
but only if the user is the owner, and then only to a group the user is a
member of.



-- 
Alan McKinnon
alan.mckinnon@gmail.com
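The point both sides of this exchange rely on is that a hard link is a second name for the same inode, so mode and ownership live in one place and any chmod/chown/chgrp applied through either name changes the one inode. The script below is an added example (not code from the thread or from Gentoo) that makes this observable in a throwaway temporary directory and also reports the kernel's fs.protected_hardlinks sysctl, the Linux setting (since 3.6) that decides whether an unprivileged `ln` to a file you do not own succeeds. It assumes GNU coreutils `stat -c` and a Linux /proc; the file names and the 0644/0600 modes are arbitrary test values.

```shell
#!/bin/sh
# Added example (not from the original thread): show that a hard link shares
# its inode, and therefore its mode bits, with the original file.
# Assumes GNU coreutils (stat -c) and a writable $TMPDIR; all file names and
# modes below are constructed test values.
set -eu

# Prints "same" when the link and the original report the same inode number
# and the link count is 2, "different" otherwise.
hardlink_shares_inode() {
    dir=$(mktemp -d)
    printf 'test data\n' > "$dir/orig"
    ln "$dir/orig" "$dir/link"          # new dentry, existing inode
    ino_orig=$(stat -c %i "$dir/orig")
    ino_link=$(stat -c %i "$dir/link")
    nlink=$(stat -c %h "$dir/orig")     # link count seen through either name
    rm -rf "$dir"
    if [ "$ino_orig" = "$ino_link" ] && [ "$nlink" = 2 ]; then
        echo same
    else
        echo different
    fi
}

# Applies chmod through the LINK name and prints the octal mode of the
# ORIGINAL name afterwards; because there is one inode, this prints 600.
mode_after_chmod_via_link() {
    dir=$(mktemp -d)
    printf 'test data\n' > "$dir/orig"
    chmod 0644 "$dir/orig"
    ln "$dir/orig" "$dir/link"
    chmod 0600 "$dir/link"              # operate on the other dentry
    stat -c %a "$dir/orig"              # the shared inode's mode: 600
    rm -rf "$dir"
}

# Prints the value of fs.protected_hardlinks (1 = a user may only hard-link
# files they own or have read and write access to), or "unknown" if the
# sysctl is not exposed on this kernel.
protected_hardlinks_setting() {
    if [ -r /proc/sys/fs/protected_hardlinks ]; then
        cat /proc/sys/fs/protected_hardlinks
    else
        echo unknown
    fi
}

printf 'link shares inode: %s\n' "$(hardlink_shares_inode)"
printf 'mode of orig after chmod via link: %s\n' "$(mode_after_chmod_via_link)"
printf 'fs.protected_hardlinks: %s\n' "$(protected_hardlinks_setting)"
```

Run it as an ordinary user; no root is needed because the file being linked is one you own. Whether the `ln /etc/shadow` attempt in the transcript above fails depends on the printed sysctl value: with it set to 1 the kernel refuses the link, with it set to 0 the link is created and the inode, including its owner, is then reachable under your own directory.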



Thread overview:
2017-01-27 17:54 [gentoo-dev] Requirements for UID/GID management Michael Orlitzky
2017-01-27 18:19 ` Alexis Ballier
2017-01-27 18:52 ` Rich Freeman
2017-01-27 19:35   ` Michael Orlitzky
2017-01-27 19:53     ` Rich Freeman
2017-01-27 20:09       ` Michael Orlitzky
2017-01-27 21:23         ` Rich Freeman
2017-01-28  3:02           ` [gentoo-dev] " Duncan
2017-01-28  2:37       ` [gentoo-dev] " Patrick McLean
2017-01-28  3:20         ` Michael Orlitzky
2017-01-28  4:21         ` Rich Freeman
2017-01-29  1:56           ` Michael Orlitzky
2017-01-29  2:22             ` Rich Freeman
2017-01-29  2:48               ` Michael Orlitzky
2017-01-29  2:54               ` Michael Orlitzky
2017-01-29  3:23                 ` Gordon Pettey
2017-01-29  3:36                   ` M. J. Everitt
2017-01-29  3:42                   ` Michael Orlitzky
2017-01-29 10:03                     ` Ulrich Mueller
2017-01-29 11:16                       ` Michał Górny
2017-01-29 17:19                       ` Michael Orlitzky
2017-01-29  3:05             ` M. J. Everitt
2017-01-29  8:26             ` Alan McKinnon
2017-01-29 17:05               ` Michael Orlitzky
2017-01-29 17:22                 ` A. Wilcox
2017-01-29 19:31                   ` james
2017-01-29 22:07                 ` Alan McKinnon
2017-01-29 22:20                   ` Michael Orlitzky
2017-01-29 22:30                     ` Alan McKinnon
2017-01-29 23:04                       ` Michael Orlitzky
2017-01-30 14:25                         ` Alan McKinnon [this message]
2017-01-30 16:29                           ` Michael Orlitzky
2017-01-30 18:05                             ` Patrick McLean
2017-01-30 18:22                               ` Michael Orlitzky
2017-01-30 18:43                                 ` Kristian Fiskerstrand
2017-02-03 14:51                                 ` [gentoo-dev] " Martin Vaeth
2017-02-03 19:29                                   ` Michael Orlitzky
2017-02-04  8:50                                     ` Christopher Head
2017-02-04 15:02                                       ` Michael Orlitzky
2017-02-04 18:03                                       ` Martin Vaeth
2017-01-28 11:28         ` [gentoo-dev] " James Le Cuirot
2017-01-28 22:54           ` Patrick McLean
2017-01-28 18:13         ` A. Wilcox
2017-01-28 19:32           ` James Le Cuirot
2017-01-28 20:34             ` Rich Freeman
2017-01-28 21:29               ` James Le Cuirot
2017-01-29 17:16             ` A. Wilcox
2017-01-29 17:34               ` James Le Cuirot
2017-01-27 19:45   ` Gregory Woodbury
2017-01-28 11:32   ` Tom H
2017-01-27 21:15 ` Michał Górny
2017-01-28  0:10   ` Michael Orlitzky
2017-01-29 22:13 ` Michael Orlitzky
2017-01-29 23:34   ` Ulrich Mueller
2017-01-29 23:45     ` Michael Orlitzky
