| 1 |
On 30/01/2017 01:04, Michael Orlitzky wrote: |
| 2 |
> On 01/29/2017 05:30 PM, Alan McKinnon wrote: |
| 3 |
>> |
| 4 |
>> Good catch with symlinks. |
| 5 |
>> I don't see the point about hardlinks, they are just files with 2 |
| 6 |
>> dentries. When find gets to the second one it's already changed, so no |
| 7 |
>> problem. |
| 8 |
>> |
| 9 |
> |
| 10 |
> Any user can create a hard link in its home directory to /etc/shadow, so |
| 11 |
> long as (a) they live on the same filesystem, and (b) there are no |
| 12 |
> special kernel protections in place to prevent it. If you call chown on |
| 13 |
> that hard link, it will change the ownership of /etc/shadow. |
| 14 |
|
| 15 |
That is absolutely not true, at least for the case of classic Unix |
| 16 |
filesystems. |
| 17 |
|
| 18 |
hardlinks are exactly the same thing as regular files. For any given |
| 19 |
filesystem object there is a dentry, and that dentry points to an inode. |
| 20 |
Usually that is the end of the matter. |
| 21 |
|
| 22 |
When we create hardlinked files all we are doing is create a new dentry |
| 23 |
and point it to an inode that is already there. The so-called |
| 24 |
"hardlinked" file is a fiction, the instant you do it the new dentry |
| 25 |
operates just like any other file and is not even aware of other |
| 26 |
dentries pointing to the same inode. |
| 27 |
|
| 28 |
The point being, there is only one inode, and that is where the |
| 29 |
ownerships and permissions are. I cannot chmod, chown or chgrp |
| 30 |
/etc/shadow because I do not own it, and the kernel will not let me ln |
| 31 |
it either: |
| 32 |
|
| 33 |
alan@khamul /alan $ ls -ald /alan/ |
| 34 |
drwxr-xr-x 2 alan root 4096 Jan 30 16:10 /alan/ |
| 35 |
alan@khamul /alan $ ln /etc/shadow |
| 36 |
ln: failed to create hard link './shadow' => '/etc/shadow': Operation |
| 37 |
not permitted |
| 38 |
alan@khamul /alan $ ls -al /etc/shadow |
| 39 |
-rw-r----- 1 root root 1655 Dec 31 14:43 /etc/shadow |
| 40 |
alan@khamul /alan $ stat /etc/shadow |
| 41 |
File: /etc/shadow |
| 42 |
Size: 1655 Blocks: 8 IO Block: 4096 regular file |
| 43 |
Device: 815h/2069d Inode: 1188230 Links: 1 |
| 44 |
Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 0/ root) |
| 45 |
Access: 2016-12-31 14:43:29.556174143 +0200 |
| 46 |
Modify: 2016-12-31 14:43:29.556174143 +0200 |
| 47 |
Change: 2016-12-31 14:43:29.568174144 +0200 |
| 48 |
Birth: - |
| 49 |
|
| 50 |
The only thing I can do after hardlinking a file is what I could do before. |
| 51 |
|
| 52 |
> I thought real hard about ways to avoid that and ultimately gave up. The |
| 53 |
> only safe way to chown is to "chown away"; that is, switch to the guy |
| 54 |
> who owns the files, and then give them to someone else. |
| 55 |
|
| 56 |
This is also not true. |
| 57 |
|
| 58 |
Only root can chown the owner of a file, and a regular user cannot give |
| 59 |
files |
| 60 |
away. The only ownership actions a user can do on a file is chgrp but |
| 61 |
only if |
| 62 |
the user is the owner, and then only to a group the user is a member of. |
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
-- |
| 67 |
Alan McKinnon |
| 68 |
alan.mckinnon@×××××.com |
Archives