On Mon, 30 Jan 2017 11:29:02 -0500 Michael Orlitzky <m...@gentoo.org> wrote:
> On 01/30/2017 09:25 AM, Alan McKinnon wrote: > >> > >> Any user can create a hard link in its home directory > >> to /etc/shadow, so long as (a) they live on the same filesystem, > >> and (b) there are no special kernel protections in place to > >> prevent it. If you call chown on that hard link, it will change > >> the ownership of /etc/shadow. > > > > That is absolutely not true, at least for the case of classic Unix > > filesystems. > > > > ... > > > > I cannot chmod, chown or chgrp > > /etc/shadow because I do not own it, and the kernel will not let me > > ln it either: > > > > alan@khamul /alan $ ln /etc/shadow > > ln: failed to create hard link './shadow' => '/etc/shadow': > > Operation not permitted > > > > You have the fs.protected_hardlinks sysctl enabled. We patch that in > gentoo-sources, but it's off by default in vanilla-sources. Try again > with it disabled (and don't forget to turn it back on). Once the hard > link has been created, a "chown -R foo /alan" or the equivalent "find > ..." command will change the ownership of /etc/shadow. > > No, that is also enabled by default on vanilla kernels, I just verified on my machine running a vanilla kernel. It doesn't matter anyway, since the permissions and ownership information is stored in the inode, not the dentry so all hardlinks have exactly the same permissions.
