[sclug] root-like read-all but not write ability?

David Given dg at cowlark.com
Wed Sep 5 22:13:32 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Stumbles wrote:
> A backup program I'm writing needs to be able to read all files and
> traverse all directories on the system (as root can do) but it would be
> nice if it didn't have to be trusted with root's write privileges, since
> it doesn't need them. I suspect this is one of those wouldn't-it-be-nice
> things that aren't actually possible, but maybe I'm missing something?

It's pretty hacky, but you could always export your root filesystem via NFS
with all_squash and ro, and then reimport it again; naturally, you restrict
importers to 127.0.0.1. Be aware that this does allow the importer to see all
files, which is a bit of a security hole (to say the least!).

- --
??? ?????????????? ??? http://www.cowlark.com ???????????????????
?
? "There does not now, nor will there ever, exist a programming language in
? which it is the least bit hard to write bad programs." --- Flon's Axiom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG3yoMf9E0noFvlzgRAkZ+AKC7+q2uvFSXz1RHgiFyBDiZ5skXcgCfXFYk
l2h9ldQJCK9VapCSZIpjjjA=
=v1a2
-----END PGP SIGNATURE-----




More information about the Sclug mailing list