rights associated with symbolic links >>

Hi Experts,

I will like to know how the effective rights to links operate.

let's suppose that the permissions on a particular program file "original"  has "no access" given to the world and this file had a symbolic link to another program  file "bogus" with "all access" given to the world. Do the access righs of the linking file take precedent to the access of the linked file.

In this case, does the "original" file that has no rights given to the world now allow "all rights" by the word to access this linked file "bogus".

I hope that this is not confusing.

In any event, I will appreciate if you could explain with really good examples.
Who is Participating?
chris_calabreseConnect With a Mentor Commented:
To access a file through a particular filesystem name, you must have privelege to follow the filesystem for the path lookup and also to access teh file itself.

Symbolic links operate on the namespace part of the equasion only.  If the file itself does not grant permission for a particular operation, the symbolic link can in no way extend the permissions.

All symbolic links do is change the name the system uses to lookup your file.  For example, if you give /a/b/c and /a/b is a symbolic link to /1/2/3, you will get to /1/2/3/c; however, you'll need permission to look in /a to find the link /a/b, plus permission to read /a/b to find where it points to, and finally permissions on /1, /1/2, /1/2/3, and /1/2/3/c.

So the bottom line is that symbolic links can not allow access where it didn't used to exist.
questionAuthor Commented:

could you give me a more detailed example to be more realistic.  What is coming through is that the access is based on the initial acccess granted to the file that is being linked.

I will appreciate your help.
Yes, to access a file through a symbolic link, you need:

1.  Access to the original file without the symbolic link coming into play.

2.  Access to the symbolic link itself (it's really just a file whose contents are the 'link text', but unlike NT links, there's a special flag to the kernel that it's a link instead of the link being resolved in user-space).

For example, if you don't have access to /a/b/c,
then you don't have access to /d/e/f either if it's a symbolic link to /a/b/c.  Even if you do have access to /a/b/c, you still can't access the same file through the name /d/e/f if you don't have permission to read /d, /d/e, or /d/e/f.
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

The systems uses links as a yelow-page. It first looks for the file (inode) that is the simbolic link, so you must have the rigths to acces this file (path access). Once the system grants you to read this file it goes to the path it is written inside and the access control starts again for the new search process, so you have to be granted to acces the destination (final file).


Imagine a link works like a index page.  To reach the file you first look for a name that ha
keep in mind that some UNIXs behave different on symbolic links. Most handle them as any other inode, means they can assign and check the permissions, but some (like AIX), do not allow this, symbolic links always have permissions 777).
On such system you have to take extreme care, if a chmod changes permissions on the inode of the link, or the target it points too (very ugly):
This question was awarded, but never cleared due to the JSP-500 errors of that time.  It was "stuck" against userID -1 versus the intended expert whom you awarded.  This corrects that and the expert will now receive these points, all verified.

Please click on your Member Profile, select "View Question History" to navigate through any open or locked questions you may have to update and finalize them.
Moderator @ Experts Exchange
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.