| 1 |
On 01/30/2017 09:25 AM, Alan McKinnon wrote: |
| 2 |
>> |
| 3 |
>> Any user can create a hard link in its home directory to /etc/shadow, so |
| 4 |
>> long as (a) they live on the same filesystem, and (b) there are no |
| 5 |
>> special kernel protections in place to prevent it. If you call chown on |
| 6 |
>> that hard link, it will change the ownership of /etc/shadow. |
| 7 |
> |
| 8 |
> That is absolutely not true, at least for the case of classic Unix |
| 9 |
> filesystems. |
| 10 |
> |
| 11 |
> ... |
| 12 |
> |
| 13 |
> I cannot chmod, chown or chgrp |
| 14 |
> /etc/shadow because I do not own it, and the kernel will not let me ln |
| 15 |
> it either: |
| 16 |
> |
| 17 |
> alan@khamul /alan $ ln /etc/shadow |
| 18 |
> ln: failed to create hard link './shadow' => '/etc/shadow': Operation |
| 19 |
> not permitted |
| 20 |
> |
| 21 |
|
| 22 |
You have the fs.protected_hardlinks sysctl enabled. We patch that in |
| 23 |
gentoo-sources, but it's off by default in vanilla-sources. Try again |
| 24 |
with it disabled (and don't forget to turn it back on). Once the hard |
| 25 |
link has been created, a "chown -R foo /alan" or the equivalent "find |
| 26 |
..." command will change the ownership of /etc/shadow. |
Archives