On Tue 13 Aug 2013, Matthias Schniedermeyer wrote: > > I read your sentence differently: > > > If he can make a HARD link to the shadow file, then he can already > > read it - and worse. > > My understanding of your sentence says: > The ability to hardlink, means that anyone can read any file they can > make a hardlink to.
Then I didn't express myself clearly enough. Again, keep in mind I was thinking from the perspective of a linux 3.6 and up kernel without any sys tweaks. > Having access to the directory entry is not the same as having access to > the inode. User/group/permission is on the inode NOT the > directory-entry. I have access to the inode when I do an "ls -l" of the file :-P perhaps you mean "modification permissions". Then again, when hardlinking, I'm changing the link count which is stored in the inode... :) I'm done here... coming back to the OP's problem: if the backup is made by root, then a user should not be allowed to access all parts of that backup. The security problem is there, and not in rsync. Paul -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
