BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] Permission denied during backup

2008-12-19 09:31:49
Subject: Re: [BackupPC-users] Permission denied during backup
From: Johan Ehnberg <johan AT ehnberg DOT net>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Fri, 19 Dec 2008 16:29:10 +0200 

Adam Goryachev wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Johan Ehnberg wrote:
> 
>> File permissions work that way - you either need to be root or need to 
>> set access to the files (see 'man chown' and 'man chmod'). For secret 
>> files, such as cryptographic keys, it is not at all feasible to use 
>> loose permissions, which again brings us back to the need for root access.
> 
> BTW, not likely relevant in this specific case, but root can't access
> all files... damn, in trying to prove this to myself, I noticed it
> didn't work. However, I seem to recall that it was possible to deny root
> access to files by making the either owner/group root, and then setting
> permissions for owner/group to 0. Something like:
> 
> echo test > /tmp/test
> chown user.root /tmp/test
> chmod 600 /tmp/test
> since root has group permissions (root==root) then it would look to the
> group permissions to see if I can access the file. group perms are 0, so
> I would get a perm denied.
> 
> However, my quick test just now didn't work out like that.... can anyone
> confirm if this was only valid in older versions of linux, or suggest
> cases where it is valid?
> 
> BTW, this case is valid, and can work to deny access to a normal user..
> maybe:
> 
> echo test > /tmp/test
> chown usera.groupa /tmp/test
> chmod 604 /tmp/test
> 
> now anyone who is not usera AND is a member of groupa can not read the
> file, anyone else can read the file....
> 
> adamg@adamg-laptop:/tmp$ ls -l /tmp/test
> - -rw----r-- 1 root adamg 15 2008-12-20 00:48 /tmp/test
> adamg@adamg-laptop:/tmp$ id
> uid=1000(adamg) gid=1000(adamg) groups=1000(adamg)
> adamg@adamg-laptop:/tmp$ cat test
> cat: test: Permission denied
> 
> 
> Regards,
> Adam

Hi Adam!

You are right about root not being perfectly omnipotent. Here's one 
quite different case which I see in my logs all the time:

Remote[1]: rsync: readlink "/home/johan/.gvfs" failed: Permission denied 
(13)

'ls -la' gives (note the size!)
dr-x------  2 johan johan      0 2008-12-19 14:39 .gvfs

'sudo ls -la' gives
d?????????  ? ?     ?          ?                ? .gvfs

In my setup, there are no other files on a "normal" system that will not 
be backed up (when sane sane excludes are used).

Best regards,
Johan

------------------------------------------------------------------------------
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [BackupPC-users] Permission denied during backup, Pedro M. S. Oliveira
Next by Date:  Re: [BackupPC-users] Client initiated backups, input wanted, Jeffrey J. Kosowsky
Previous by Thread:  Re: [BackupPC-users] Permission denied during backup, Adam Goryachev
Next by Thread:  Re: [BackupPC-users] Permission denied during backup, Holger Parplies
Indexes:  [Date] [Thread] [Top] [All Lists]