2

Our backup system duplicity does not support Linux hard links. To prevent data loss, I want to enforce that no hard links exist on our systems. AFAIK, there is no ext4 mount option to disable hard link functionality.

I could remove the ln utility but this would not disable the underlying system call (and besides, I want to keep symlinks).

Anyone got a good idea how to solve this? Recompile the kernel with EXT4_LINK_MAX set to 1?

Willem
  • 2,872
  • 4
  • 28
  • 35
  • 4
    Arguably your backups won't be incomplete because [hard linked files will be backed up](http://duplicity.nongnu.org/duplicity.1.html#sect28), multiple times even, you only can't restore them as hard links anymore but only as separate individual files. – HBruijn Oct 11 '16 at 18:07
  • 2
    `Anyone got a good idea how to solve this` Get a better backup system. – user9517 Oct 11 '16 at 20:39
  • 1
    Trying to disable hardlinks seems like a horrible idea. I suspect it will seriously break your system. You really should look for a better backup system. – Zoredache Oct 11 '16 at 23:08

1 Answers1

0

The first solution that comes to mind for me is creating aliases for all users so that ln = ln -s.

You can do this by creating a script in /etc/profile.d: 

sudo vim /etc/profile.d/aliases.sh

Then insert your alias: 

alias ln='ln -s'

Close and reopen your terminals or execute exec bash (assumes you're using bash)

This should prevent anyone from executing hardlinks instead of symbolic.

wilbo
  • 84
  • 2
  • 1
    And when one calls `/bin/ln`, the oriignal `ln` binary is called and the alias has no effect. – Tero Kilkanen Oct 11 '16 at 18:11
  • Good point. In that case perhaps using a different shell? I don't know how to restrict commands in bash, not sure if you can. but lshell "limited shell" can. There's even an older SE article on doing something similar: http://unix.stackexchange.com/a/91004 Could just changing the other user shells to lshell be a viable solution? – wilbo Oct 11 '16 at 22:21
  • `first solution that comes to mind for me is creating aliases for all users` - The problem of course is that most programming languages other then your shell scripts will be using [link()](http://man7.org/linux/man-pages/man2/link.2.html) kernel function directly, and not calling the ln binary. – Zoredache Oct 11 '16 at 22:39