BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] Permission denied during backup

2008-12-19 08:57:56
Subject: Re: [BackupPC-users] Permission denied during backup
From: Adam Goryachev <mailinglists AT websitemanagers.com DOT au>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Sat, 20 Dec 2008 00:55:45 +1100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Johan Ehnberg wrote:

> File permissions work that way - you either need to be root or need to 
> set access to the files (see 'man chown' and 'man chmod'). For secret 
> files, such as cryptographic keys, it is not at all feasible to use 
> loose permissions, which again brings us back to the need for root access.

BTW, not likely relevant in this specific case, but root can't access
all files... damn, in trying to prove this to myself, I noticed it
didn't work. However, I seem to recall that it was possible to deny root
access to files by making the either owner/group root, and then setting
permissions for owner/group to 0. Something like:

echo test > /tmp/test
chown user.root /tmp/test
chmod 600 /tmp/test
since root has group permissions (root==root) then it would look to the
group permissions to see if I can access the file. group perms are 0, so
I would get a perm denied.

However, my quick test just now didn't work out like that.... can anyone
confirm if this was only valid in older versions of linux, or suggest
cases where it is valid?

BTW, this case is valid, and can work to deny access to a normal user..
maybe:

echo test > /tmp/test
chown usera.groupa /tmp/test
chmod 604 /tmp/test

now anyone who is not usera AND is a member of groupa can not read the
file, anyone else can read the file....

adamg@adamg-laptop:/tmp$ ls -l /tmp/test
- -rw----r-- 1 root adamg 15 2008-12-20 00:48 /tmp/test
adamg@adamg-laptop:/tmp$ id
uid=1000(adamg) gid=1000(adamg) groups=1000(adamg)
adamg@adamg-laptop:/tmp$ cat test
cat: test: Permission denied


Regards,
Adam
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAklLp9sACgkQGyoxogrTyiWEVACfXU8MS3zFE6FFxhrJN0JIWMon
okAAn3XTxLDvzcZuJzsEBnyMIhF8QsCI
=jA/6
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [BackupPC-users] Client initiated backups, input wanted, Johan Ehnberg
Next by Date:  Re: [BackupPC-users] Permission denied during backup, Pedro M. S. Oliveira
Previous by Thread:  Re: [BackupPC-users] Permission denied during backup, Johan Ehnberg
Next by Thread:  Re: [BackupPC-users] Permission denied during backup, Johan Ehnberg
Indexes:  [Date] [Thread] [Top] [All Lists]