On 01/30/2017 09:25 AM, Alan McKinnon wrote:
>>
>> Any user can create a hard link in its home directory to /etc/shadow, so
>> long as (a) they live on the same filesystem, and (b) there are no
>> special kernel protections in place to prevent it. If you call chown on
>> that hard link, it will change the ownership of /etc/shadow.
>
> That is absolutely not true, at least for the case of classic Unix
> filesystems.
>
> ...
>
> I cannot chmod, chown or chgrp
> /etc/shadow because I do not own it, and the kernel will not let me ln
> it either:
>
> alan@khamul /alan $ ln /etc/shadow
> ln: failed to create hard link './shadow' => '/etc/shadow': Operation
> not permitted
>

You have the fs.protected_hardlinks sysctl enabled. We patch that in
gentoo-sources, but it's off by default in vanilla-sources. Try again
with it disabled (and don't forget to turn it back on). Once the hard
link has been created, a "chown -R foo /alan" or the equivalent "find
..." command will change the ownership of /etc/shadow.
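
A defensive pre-flight for the recursive chown described in the message above, added here as an example that is not part of the original e-mail or of any Gentoo tooling. The function names are hypothetical; the sketch assumes a POSIX `find` and `chown` and reads the sysctl through `/proc`.

```shell
#!/bin/sh
# Added example: checks to run before a privileged recursive chown of a
# tree that a less-privileged user has been able to write to.

# Print the fs.protected_hardlinks value ("0" or "1"), or "unknown" when
# the kernel does not expose the sysctl.
protected_hardlinks_state() {
    f=/proc/sys/fs/protected_hardlinks
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo unknown
    fi
}

# List regular files under $1 whose link count is above one. Each of them
# has at least one other name, possibly outside the tree, and chown acts
# on the inode, so every one of those names changes owner with it.
multiply_linked_files() {
    find "$1" -xdev -type f -links +1 -print
}

# chown everything under $2 to owner $1, but leave multiply-linked regular
# files untouched and never follow symlinks (-h changes the link itself).
# The link-count test and the chown are separate steps, so this is only
# safe while the untrusted user cannot modify the tree.
chown_tree_skip_hardlinks() {
    owner=$1
    tree=$2
    find "$tree" -xdev \( -type f -links +1 \) -prune -o \
        -exec chown -h "$owner" {} +
}
```

Review the output of `multiply_linked_files` by hand before deciding what to do with the skipped files; a value of `0` from `protected_hardlinks_state` means the kernel will not stop new links of this kind from being created.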