From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 27C5D139085 for ; Sun, 29 Jan 2017 23:04:37 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B4E03E0F05; Sun, 29 Jan 2017 23:04:29 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6B3D2E0EFC for ; Sun, 29 Jan 2017 23:04:29 +0000 (UTC)
Received: from [192.168.1.100] (c-98-218-46-55.hsd1.md.comcast.net [98.218.46.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mjo) by smtp.gentoo.org (Postfix) with ESMTPSA id 8380534167E for ; Sun, 29 Jan 2017 23:04:28 +0000 (UTC)
Subject: Re: [gentoo-dev] Requirements for UID/GID management
To: gentoo-dev@lists.gentoo.org
References: <9558d41c-17c0-4bbd-e2f8-02575c6d0ecd@gentoo.org> <20170127183752.500f8910@patrickm> <4a8204d4-929e-6260-957a-dcf8f82f4b24@gentoo.org> <9bceefb9-f7d2-06a4-2304-d31f627f7656@gentoo.org> <3fd11559-004c-11f8-609a-923ebc074539@gmail.com> <495556ab-637c-6b21-fac0-52d3bd1e4986@gentoo.org> <616a4068-8581-bce6-3359-50b1ff5a817d@gmail.com>
From: Michael Orlitzky
Message-ID: <8eb6fc27-8504-ad7d-7ad1-7272da662178@gentoo.org>
Date: Sun, 29 Jan 2017 18:04:25 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
In-Reply-To: <616a4068-8581-bce6-3359-50b1ff5a817d@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 724822ae-45b7-4e1b-93dd-7b9daf70b199
X-Archives-Hash: a90b0a3a87514f042a82ed516fdfc802

On 01/29/2017 05:30 PM, Alan McKinnon wrote:
>
> Good catch with symlinks.
> I don't see the point about hardlinks, they are just files with 2
> dentries. When find gets to the second one it's already changed, so no
> problem.
>

Any user can create a hard link in its home directory to /etc/shadow, so
long as (a) they live on the same filesystem, and (b) there are no
special kernel protections in place to prevent it. If you call chown on
that hard link, it will change the ownership of /etc/shadow.

I thought real hard about ways to avoid that and ultimately gave up. The
only safe way to chown is to "chown away"; that is, switch to the guy who
owns the files, and then give them to someone else.
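An added example (not part of this thread or of any Gentoo tooling) showing the hazard Michael describes and the check a recursive-chown script can make before touching anything: a hard link shares its inode with the original, so chown on the link changes the original's owner. The script refuses symlinks and regular files whose link count is greater than one, and reports whether the kernel's `fs.protected_hardlinks` sysctl is on. All paths and files are constructed in a temporary directory; the stand-in "secret" file is not /etc/shadow, and reading `/proc/sys/fs/protected_hardlinks` assumes Linux.

```python
import os
import stat
import tempfile
from pathlib import Path


def hardlink_protection_enabled():
    """Return True/False for fs.protected_hardlinks (Linux >= 3.6), or
    None if the sysctl cannot be read (non-Linux, or /proc not mounted)."""
    try:
        with open("/proc/sys/fs/protected_hardlinks") as f:
            return f.read().strip() == "1"
    except OSError:
        return None


def is_safe_to_chown(path):
    """Return (ok, reason) for one path, without following symlinks.

    A symlink is never chowned through (its target may be anything).
    A regular file with st_nlink > 1 has another name somewhere, possibly
    outside the tree we are walking; chowning it here would chown that
    other name too, so it is skipped.  Directories legitimately have
    nlink >= 2, so the link-count test applies to regular files only.
    """
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return False, "symlink"
    if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
        return False, "hard link count %d" % st.st_nlink
    return True, "ok"


def plan_chown(root):
    """Walk root (never following symlinks) and split every entry into
    (to_change, skipped) lists of (relative path, reason) tuples."""
    to_change, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            ok, reason = is_safe_to_chown(p)
            rel = os.path.relpath(p, root)
            (to_change if ok else skipped).append((rel, reason))
    return sorted(to_change), sorted(skipped)


def chown_tree(root, uid, gid):
    """Apply the plan: chown only approved entries, never through symlinks.
    Requires privilege to actually change ownership; returns the plan."""
    to_change, skipped = plan_chown(root)
    for rel, _ in to_change:
        os.chown(os.path.join(root, rel), uid, gid, follow_symlinks=False)
    return to_change, skipped


def demo():
    """Build a constructed layout: an 'outside' secret file, and a 'home'
    directory holding a plain file, a hard link to the secret and a
    symlink to it.  Returns what the planner would and would not touch."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        secret = root / "outside" / "secret"      # stand-in, constructed
        secret.parent.mkdir()
        secret.write_text("not a real shadow file\n")

        home = root / "home"
        home.mkdir()
        (home / "plain.txt").write_text("ordinary file\n")
        os.link(secret, home / "link-to-secret")  # second name, same inode
        os.symlink(secret, home / "sym-to-secret")

        # The hard link and the original are the same inode: ownership is
        # a property of the inode, so chown on either name changes both.
        same_inode = os.stat(secret).st_ino == os.stat(home / "link-to-secret").st_ino

        to_change, skipped = plan_chown(str(home))
        return {
            "same_inode": same_inode,
            "protected_hardlinks": hardlink_protection_enabled(),
            "to_change": [name for name, _ in to_change],
            "skipped": dict(skipped),
        }


if __name__ == "__main__":
    print(demo())
```

With `fs.protected_hardlinks=1` the kernel refuses to let a user hard-link a file they neither own nor have read/write access to, which removes the /etc/shadow case at the source; the link-count check above is the belt-and-braces test for hosts where that sysctl is off.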