Thanks Richard for your reply and your great work on QuickFacts!
Anyway, I would mitigate your answer on two points :
- is your reply also correct if dsmc is setuid-ed for a non superuser ?
- For backup, solely an authorized user or a root user can backup files
while keeping ownership of the original file. It differs effectively
from Archive.
As quoted in the sec. guide :
"""The reason why a non-authorized user can archive files that the
non-authorized user does
not own, although this user cannot back them up, is that otherwise the
version-based policy of
backed up objects allows the user to quickly saved object versions by
running repeated
backup operations. That way, a user can force the expiration of
historical data, which belongs
to other users, that was not supposed to be removed from storage at that
time."""
Regards,
Marc
Richard Sims a écrit :
Marc -
The IBM quote describes what happens in the general case with
Archive: that the Owner is assigned as the invoker of the Archive
command - rather than the owner as seen in OS file system
attributes. (This differs from Backup, where the assigned Owner is
always taken from the OS file system attributes.)
In the unusual case where the customer alters the dsmc binary to make
it setuid root, then invokes that as an ordinary user, the Owner is
assigned as the real invoker of the Archive command (not root). This
tracks with the User Name as reported in the 'dsmc Query SEssion'
command, under the same invocation circumstances.
Richard Sims http://people.bu.edu/rbs/
|