[NTLUG:Discuss] Is there a way to change permissions of a link

Steve Baker sjbaker1 at airmail.net
Wed Nov 1 18:09:36 CST 2000


Neil Aggarwal wrote:

> Thank you for the long discussion of how symbolic links work.
> It was really very informative.

And *LONG*  :-)
 
> But my initial question still remains.  Since the link is just
> a file, it has its own set of permissions.  Shouldn't I be able to make
> the symlink readonly but have the file it points to be read/write?

Well, in theory...but not in practice.  When anything looks
up the inode giving the link's filename as reference, the filesystem
intercepts it and looks up the destination file's inode instead. Hence
the link has all the properties of the destination file.  There are
ways for a program to deliberately ask for the link's properties - but
things that check permissions (like the kernel itself) don't do that.

The gory details are in the 'stat' man page if you really care.

IIRC, the argument is that since anyone can create a link to ANY
file (even one they don't own or have permission to access) then
this would either be a security leak - or something *VERY* confusing
- and it would break existing programs:

  * If symlink permissions mattered then:

      % ln -s /etc/passwd  my_passwd
      % chmod a+w my_passwd
      % vi my_passwd

    ...would actually *work* !!  That would *not* be good.

  * If the kernel looked at BOTH the link permissions *AND* the
    file permissions and gave you the worst case set - then programs
    that check the permissions of a file would have to enquire about
    both the link and the file...and lots of old programs that existed
    long before symlinks were implemented would break.

It's just nasty...so it's not implemented that way - and Linux (and I think
all other modern UNIXen) simply ignore all of the information in the inode
of the link file and ALWAYS return the information from the inode of the
file that's linked to.

> If so, how can I do this?
 
Er - I've forgotten the question!

You want a file to have different permissions when 'seen' from the symlink
than it has from the file itself...that's not possible...neither with soft
OR hard links.  :-(

However, you might be able to do something by using the permissions of
the directory that the links and the actual files are in.

Tell me the problem and something about the application - maybe there
is still something that can be done.

-- 
Steve Baker   HomeEmail: <sjbaker1 at airmail.net>
              WorkEmail: <sjbaker at link.com>
              HomePage : http://web2.airmail.net/sjbaker1
              Projects : http://plib.sourceforge.net
                         http://tuxaqfh.sourceforge.net
                         http://tuxkart.sourceforge.net
                         http://prettypoly.sourceforge.net
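
The behaviour described in the message above, as an added example that is not part of the original post: it compares what stat() and lstat() report for a symlink and shows that chmod through the link name changes the target's mode. The file and link names are constructed for the demonstration, and a POSIX system such as Linux is assumed.

```python
import os
import stat
import tempfile


def symlink_permission_demo():
    """Compare stat()/lstat() on a symlink and chmod through the link name."""
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "target.txt")  # constructed sample file
        link = os.path.join(workdir, "my_link")       # constructed symlink name

        with open(target, "w") as fh:
            fh.write("sample data\n")
        os.chmod(target, 0o600)
        os.symlink(target, link)

        result = {}
        # lstat() deliberately asks about the link itself;
        # stat() follows the link and reports the target's inode.
        result["lstat_is_link"] = stat.S_ISLNK(os.lstat(link).st_mode)
        result["stat_is_link"] = stat.S_ISLNK(os.stat(link).st_mode)
        result["mode_via_link"] = stat.S_IMODE(os.stat(link).st_mode)
        result["same_inode"] = os.stat(link).st_ino == os.stat(target).st_ino
        link_mode_before = stat.S_IMODE(os.lstat(link).st_mode)

        # chmod() on the link name follows the link, so the target's
        # mode changes and the link's own mode bits stay as they were.
        os.chmod(link, 0o444)
        result["target_mode_after"] = stat.S_IMODE(os.stat(target).st_mode)
        result["link_mode_unchanged"] = (
            stat.S_IMODE(os.lstat(link).st_mode) == link_mode_before
        )
        return result


if __name__ == "__main__":
    for key, value in symlink_permission_demo().items():
        shown = oct(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print(f"{key}: {shown}")
```
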



