On 01/29/2017 05:30 PM, Alan McKinnon wrote:
>
> Good catch with symlinks.
> I don't see the point about hardlinks, they are just files with 2
> dentries. When find gets to the second one it's already changed, so no
> problem.
>

Any user can create a hard link in its home directory to /etc/shadow, so
long as (a) they live on the same filesystem, and (b) there are no
special kernel protections in place to prevent it. If you call chown on
that hard link, it will change the ownership of /etc/shadow.

I thought real hard about ways to avoid that and ultimately gave up. The
only safe way to chown is to "chown away"; that is, switch to the guy
who owns the files, and then give them to someone else.
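
Added example, not part of the original message: a pre-check that lists the symlinks and multiply-linked files under a directory before a root-run recursive chown, and reads the Linux `fs.protected_hardlinks` sysctl as one instance of the kernel protection mentioned above. The function names and the demo tree are assumptions made for illustration; the result is a snapshot, so the directory's owner can still add a link between the audit and the chown.

```shell
#!/bin/sh
# Added example: list entries under a directory that a root-run
# "chown -R" could redirect to a file outside that directory.

# Print the Linux fs.protected_hardlinks value: 1 = restricted,
# 0 = unrestricted, "unknown" when the sysctl is not available.
hardlink_protection() {
    f=/proc/sys/fs/protected_hardlinks
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# audit_tree DIR
# Prints "SYMLINK <path>" for every symbolic link and "HARDLINK <path>"
# for every regular file with more than one name. Returns 1 if anything
# was printed, 0 for a clean tree.
audit_tree() {
    findings=$(
        # -xdev: stay on DIR's filesystem
        find "$1" -xdev -type l -exec printf 'SYMLINK %s\n' {} +
        find "$1" -xdev -type f -links +1 -exec printf 'HARDLINK %s\n' {} +
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo: "secret" stands in for /etc/shadow.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/home"
    echo root-only > "$t/secret"
    ln "$t/secret" "$t/home/innocent"
    ln -s "$t/secret" "$t/home/shortcut"
    echo "fs.protected_hardlinks: $(hardlink_protection)"
    audit_tree "$t/home"
    rc=$?
    rm -rf "$t"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```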