Re: [BackupPC-users] Permission denied during backup
2008-12-19 09:31:49
Adam Goryachev wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Johan Ehnberg wrote:
>
>> File permissions work that way - you either need to be root or need to
>> set access to the files (see 'man chown' and 'man chmod'). For secret
>> files, such as cryptographic keys, it is not at all feasible to use
>> loose permissions, which again brings us back to the need for root access.
>
> BTW, not likely relevant in this specific case, but root can't access
> all files... damn, in trying to prove this to myself, I noticed it
> didn't work. However, I seem to recall that it was possible to deny root
> access to files by making the either owner/group root, and then setting
> permissions for owner/group to 0. Something like:
>
> echo test > /tmp/test
> chown user.root /tmp/test
> chmod 600 /tmp/test
> since root has group permissions (root==root) then it would look to the
> group permissions to see if I can access the file. group perms are 0, so
> I would get a perm denied.
>
> However, my quick test just now didn't work out like that.... can anyone
> confirm if this was only valid in older versions of linux, or suggest
> cases where it is valid?
>
> BTW, this case is valid, and can work to deny access to a normal user..
> maybe:
>
> echo test > /tmp/test
> chown usera.groupa /tmp/test
> chmod 604 /tmp/test
>
> now anyone who is not usera AND is a member of groupa can not read the
> file, anyone else can read the file....
>
> adamg@adamg-laptop:/tmp$ ls -l /tmp/test
> - -rw----r-- 1 root adamg 15 2008-12-20 00:48 /tmp/test
> adamg@adamg-laptop:/tmp$ id
> uid=1000(adamg) gid=1000(adamg) groups=1000(adamg)
> adamg@adamg-laptop:/tmp$ cat test
> cat: test: Permission denied
>
>
> Regards,
> Adam
Hi Adam!
You are right about root not being perfectly omnipotent. Here's one
quite different case which I see in my logs all the time:
Remote[1]: rsync: readlink "/home/johan/.gvfs" failed: Permission denied
(13)
'ls -la' gives (note the size!)
dr-x------ 2 johan johan 0 2008-12-19 14:39 .gvfs
'sudo ls -la' gives
d????????? ? ? ? ? ? .gvfs
In my setup, there are no other files on a "normal" system that will not
be backed up (when sane sane excludes are used).
Best regards,
Johan
------------------------------------------------------------------------------
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
|
|