Re: [Networker] recover command and security
2004-01-23 15:40:53
On Fri, 2004-01-23 at 12:53, Joel Krajden wrote:
> Is there any way to prevent an ordinary user from recovering files that do not
> belong to the user. I thought this problem was fixed but I just used the linux
> 6.1.3 client to recover a file belonging to root which was restored as
> belonging to me.
Are you sure the user running recover:
1) Cannot read the file on the filesystem (unix permissions)
2) Is not defined as an admin in networker
From a legato 6.1.4 client on Red Hat 7.3 as a normal user:
[scottrus@ltcserv-eth scottrus]$ ls -al /etc/passwd /etc/shadow
-rw-r--r-- 1 root root 1869 Dec 16 12:54 /etc/passwd
-r-------- 1 root root 1805 Dec 16 12:54 /etc/shadow
recover: Current working directory is /home/scottrus/
recover> add /etc/passwd
/etc
1 file(s) marked for recovery
recover> add /etc/shadow
/etc
/etc/shadow: Permission denied
1 file(s) marked for recovery
recover> list
/etc/passwd @ Fri Jan 16 22:26:48 2004
1 file(s) marked for recovery
This shows that I can recover the /etc/passwd file, which makes sense
because the user 'scottrus' has read access to it on the file system
(unix perms). I cannot recover the /etc/shadow file because the user
'scottrus' cannot read it.
--
Scott Russell <lnxgeek AT us.ibm DOT com>
Linux Technology Center System Admin
http://ltc.linux.ibm.com/