On 30/01/2017 01:04, Michael Orlitzky wrote:
> On 01/29/2017 05:30 PM, Alan McKinnon wrote:
>>
>> Good catch with symlinks.
>> I don't see the point about hardlinks, they are just files with 2
>> dentries. When find gets to the second one it's already changed, so no
>> problem.
>>
> 
> Any user can create a hard link in its home directory to /etc/shadow, so
> long as (a) they live on the same filesystem, and (b) there are no
> special kernel protections in place to prevent it. If you call chown on
> that hard link, it will change the ownership of /etc/shadow.

That is absolutely not true, at least for the case of classic Unix
filesystems.

Hardlinks are exactly the same thing as regular files. For any given
filesystem object there is a dentry, and that dentry points to an inode.
Usually that is the end of the matter.

When we create hardlinked files, all we are doing is creating a new dentry
and pointing it to an inode that is already there. The so-called
"hardlinked" file is a fiction: the instant you do it, the new dentry
operates just like any other file and is not even aware of other
dentries pointing to the same inode.

The point being, there is only one inode, and that is where the
ownerships and permissions are. I cannot chmod, chown or chgrp
/etc/shadow because I do not own it, and the kernel will not let me ln
it either:

alan@khamul /alan $ ls -ald /alan/
drwxr-xr-x 2 alan root 4096 Jan 30 16:10 /alan/
alan@khamul /alan $ ln /etc/shadow
ln: failed to create hard link './shadow' => '/etc/shadow': Operation not permitted
alan@khamul /alan $ ls -al /etc/shadow
-rw-r----- 1 root root 1655 Dec 31 14:43 /etc/shadow
alan@khamul /alan $ stat /etc/shadow
  File: /etc/shadow
  Size: 1655            Blocks: 8          IO Block: 4096   regular file
Device: 815h/2069d      Inode: 1188230     Links: 1
Access: (0640/-rw-r-----)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2016-12-31 14:43:29.556174143 +0200
Modify: 2016-12-31 14:43:29.556174143 +0200
Change: 2016-12-31 14:43:29.568174144 +0200
 Birth: -

The only thing I can do after hardlinking a file is what I could do before.

> I thought real hard about ways to avoid that and ultimately gave up. The
> only safe way to chown is to "chown away"; that is, switch to the guy
> who owns the files, and then give them to someone else.

This is also not true.

Only root can chown the owner of a file, and a regular user cannot give
files away. The only ownership action a user can take on a file is chgrp,
and only if the user is the owner, and then only to a group the user is a
member of.



-- 
Alan McKinnon
alan.mckin...@gmail.com
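
As an added illustration of the two points argued in this thread (not code from either poster), the script below shows that two hard links are one inode, that a mode change made through either name is visible through the other, and a check a maintenance script can run before chown/chmod on a path: refuse anything that is a symlink or has more than one link. It assumes a POSIX shell with ls and awk; the sysctl check only applies on Linux, where /proc/sys/fs/protected_hardlinks exists.

```sh
#!/bin/sh
# Added example (not from the thread): hard links share one inode, so
# ownership and mode changes through one name are seen through all names.

# Inode number of a path (ls -i is POSIX; stat -c is GNU-only).
inode_of() {
    ls -id -- "$1" | awk '{print $1}'
}

# Link count of a path, from the second column of ls -l.
link_count_of() {
    ls -ld -- "$1" | awk '{print $2}'
}

# Returns 0 only if the path is a regular file, not a symlink, and has
# exactly one name, so no other dentry is affected by chown/chmod on it.
safe_to_chown() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ "$(link_count_of "$1")" -eq 1 ]
}

# Returns 0 if the kernel's protected_hardlinks sysctl is enabled (Linux only).
hardlinks_protected() {
    f=/proc/sys/fs/protected_hardlinks
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Self-contained demonstration in a scratch directory; returns 0 on success.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample\n' > "$d/orig"
    chmod 0640 "$d/orig"
    ln "$d/orig" "$d/alias"                      # second dentry, same inode
    [ "$(inode_of "$d/orig")" = "$(inode_of "$d/alias")" ] || return 1
    chmod 0600 "$d/alias"                        # change via the alias ...
    [ "$(ls -l "$d/orig" | cut -c1-10)" = "-rw-------" ] || return 1   # ... seen on orig
    safe_to_chown "$d/orig" && return 1          # two names: must be refused
    rm "$d/alias"
    safe_to_chown "$d/orig" || return 1          # one name again: accepted
    rm -rf "$d"
}

demo && echo "hard link demo ok"
hardlinks_protected && echo "fs.protected_hardlinks is on"
```

The same `-links 1` idea is available directly in find, e.g. `find DIR -type f -links 1 ...`, so a recursive chown can skip multiply-linked files instead of reaching inodes that also live under other names.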