[sclug] root-like read-all but not write ability?

David Newcomb david.newcomb at bigsoft.co.uk
Thu Sep 6 09:11:15 UTC 2007


John,

What I tend to do is get root to tar up the filesystem(s) and place them in
an area that only the tape user can read, then the tape program runs and just
picks them up.

Regards,
David.

On Wed, 05 Sep 2007 David Given <dg at cowlark.com> wrote:
> John Stumbles wrote:
>> A backup program I'm writing needs to be able to read all files and
>> traverse all directories on the system (as root can do) but it would be
>> nice if it didn't have to be trusted with root's write privileges, since
>> it doesn't need them. I suspect this is one of those wouldn't-it-be-nice
>> things that aren't actually possible, but maybe I'm missing something?
>
> It's pretty hacky, but you could always export your root filesystem via NFS
> with all_squash and ro, and then reimport it again; naturally, you restrict
> importers to 127.0.0.1. Be aware that this does allow the importer to see all
> files, which is a bit of a security hole (to say the least!).
>
> --
> http://www.cowlark.com
> "There does not now, nor will there ever, exist a programming language in
> which it is the least bit hard to write bad programs." --- Flon's Axiom



Regards,
David
---------------------------------------
Managing Director
+44 (0) 7866 262 398
BigSoft Limited
Reading, UK
http://www.bigsoft.co.uk/
Registered in Cardiff, Wales 3960621
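
The staging approach described in the reply above, sketched as an added example that is not part of the original message: root writes the archive into a directory that only root and one group can enter, and the unprivileged tape job reads it from there. The function name `stage_archive`, the archive naming scheme and the `tape` group in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Run as root, e.g. from root's crontab:
#   stage_archive /home /var/backups/staging tape
# The tape user (a member of the given group) can list and read the
# staged archives but cannot modify, replace or delete them.

stage_archive() {
    src=$1 stage=$2 grp=$3

    # Staging directory: owner rwx, group r-x, others nothing.
    mkdir -p "$stage" || return 1
    chgrp "$grp" "$stage" || return 1
    chmod 0750 "$stage" || return 1

    out="$stage/backup-$(date -u +%Y%m%dT%H%M%SZ).tar"
    tmp="$out.partial"

    # Write with a restrictive umask so the half-written archive is
    # owner-only (0600) and never visible to the reader in a partial state.
    (
        umask 077
        tar -C "$src" -cf "$tmp" .
    ) || { rm -f "$tmp"; return 1; }

    # Open it to the group read-only, then publish with an atomic rename.
    chgrp "$grp" "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 0440 "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$out" || return 1

    printf '%s\n' "$out"
}

# Allow direct use as a script: stage.sh SRC STAGE_DIR GROUP
if [ "$#" -eq 3 ]; then
    stage_archive "$@"
fi
```

Only the `tar` step needs root's read access; the program that talks to the tape device runs as the unprivileged user and never touches the live filesystem.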



