I had a directory, files, containing some files on computerA. The directory was owned by user/group root and the files within were also owned by the same. The directory and file permissions were rwxr-xr-x.
I was logged in on computerB as a non-root user and wanted to transfer this whole directory over using rsync, so I issued the following command:
computerB_$ rsync -ave ssh non-root@computerA:/files .
I used a non-privileged user name to log into computerA to download the files directory. The above command was successful.
The worrying thing was that on computerA the files directory and all the files within were owned by root, but I was able to transfer a root user/group owned directory to computerB as a non-root user. Also, once the directory had been transferred onto computerB it inherited the local user's ownership permissions. What is there to stop any non-root user logging into computerA, so long as they have an account on that machine, and downloading sensitive system files and directories?
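
An added example, not part of the original post: the last three characters of rwxr-xr-x grant read and execute to every account that is neither the owner nor in the group, so the audit below lists what such accounts can read and shows the listing empty after that access is removed. The sample tree, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Audit which entries under a directory are readable by "other" users,
# i.e. any local account that is neither the owner nor in the group.

# Print every file or directory under $1 with the other-read bit (octal 004) set.
other_readable() {
    find "$1" -perm -004 -print | sort
}

# Decode the "other" triad of a 9-character mode string such as rwxr-xr-x
# (the form used in the post, without the leading type character of ls -l).
other_access() {
    triad=$(printf '%s' "$1" | cut -c7-9)
    case "$triad" in
        r??) echo "readable" ;;
        *)   echo "not readable" ;;
    esac
}

# Build a constructed sample tree; names and contents are made up.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/files"
    echo public > "$d/files/notes.txt"
    echo secret > "$d/files/key.pem"
    chmod 755 "$d/files"             # rwxr-xr-x, as in the post
    chmod 644 "$d/files/notes.txt"   # rw-r--r--: any account can read it
    chmod 600 "$d/files/key.pem"     # rw-------: owner only
    echo "$d"
}

sample=$(make_sample)
other_access rwxr-xr-x               # mode string from the post
other_readable "$sample/files"       # lists the directory and notes.txt only

# Mitigation: strip all "other" access from the tree, then re-audit.
chmod -R o-rwx "$sample/files"
other_readable "$sample/files"       # prints nothing
rm -rf "$sample"
```
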