| 1 |
On 01/29/2017 05:30 PM, Alan McKinnon wrote: |
| 2 |
> |
| 3 |
> Good catch with symlinks. |
| 4 |
> I don't see the point about hardlinks, they are just files with 2 |
| 5 |
> dentries. When find gets to the second one it's already changed, so no |
| 6 |
> problem. |
| 7 |
> |
| 8 |
|
| 9 |
Any user can create a hard link in its home directory to /etc/shadow, so |
| 10 |
long as (a) they live on the same filesystem, and (b) there are no |
| 11 |
special kernel protections in place to prevent it. If you call chown on |
| 12 |
that hard link, it will change the ownership of /etc/shadow. |
| 13 |
|
| 14 |
I thought real hard about ways to avoid that and ultimately gave up. The |
| 15 |
only safe way to chown is to "chown away"; that is, switch to the guy |
| 16 |
who owns the files, and then give them to someone else. |
Archives