

Rights associated with symbolic links

Posted on 1999-06-25
Medium Priority
Last Modified: 2010-04-21
Hi Experts,

I would like to know how the effective rights to links operate.

Let's suppose that the permissions on a particular program file "original" have "no access" given to the world, and this file had a symbolic link to another program file "bogus" with "all access" given to the world. Do the access rights of the linking file take precedence over the access of the linked file?

In this case, does the "original" file that has no rights given to the world now allow "all rights" by the world to access this linked file "bogus"?

I hope that this is not confusing.

In any event, I would appreciate it if you could explain with really good examples.
Question by:question
LVL 14

Accepted Solution

chris_calabrese earned 400 total points
ID: 2011208
To access a file through a particular filesystem name, you must have privilege to follow the filesystem for the path lookup and also to access the file itself.

Symbolic links operate on the namespace part of the equation only.  If the file itself does not grant permission for a particular operation, the symbolic link can in no way extend the permissions.

All symbolic links do is change the name the system uses to look up your file.  For example, if you give /a/b/c and /a/b is a symbolic link to /1/2/3, you will get to /1/2/3/c; however, you'll need permission to look in /a to find the link /a/b, plus permission to read /a/b to find where it points to, and finally permissions on /1, /1/2, /1/2/3, and /1/2/3/c.

So the bottom line is that symbolic links cannot allow access where it didn't use to exist.

Author Comment

ID: 2011209

Could you give me a more detailed example to be more realistic?  What is coming through is that the access is based on the initial access granted to the file that is being linked.

I will appreciate your help.
LVL 14

Expert Comment

ID: 2011210
Yes, to access a file through a symbolic link, you need:

1.  Access to the original file without the symbolic link coming into play.

2.  Access to the symbolic link itself (it's really just a file whose contents are the 'link text', but unlike NT links, there's a special flag to the kernel that it's a link instead of the link being resolved in user-space).

For example, if you don't have access to /a/b/c, then you don't have access to /d/e/f either if it's a symbolic link to /a/b/c.  Even if you do have access to /a/b/c, you still can't access the same file through the name /d/e/f if you don't have permission to read /d, /d/e, or /d/e/f.
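
The lookup described in the two answers above, as an added example that is not part of the original thread: it resolves a name component by component, follows the link text, and records every permission check along the way. `walk_as_other` and `demo` are hypothetical names, the directory tree is constructed in a temporary directory, and only the "other" (world) mode bits are modelled, so the outcome does not depend on which user runs it.

```python
import os, stat, tempfile

def walk_as_other(path, cwd="."):
    """Resolve `path` step by step, evaluating each check with the 'other'
    mode bits only. Returns (allowed, [(pathname, needed, granted), ...]).
    A link's own mode bits are skipped: the thread notes systems differ."""
    split = lambda p: [c for c in p.split("/") if c][::-1]   # stack, first name on top
    cur = "/" if path.startswith("/") else cwd
    todo, checks, hops = split(path), [], 0
    while todo:
        ok = bool(os.stat(cur).st_mode & stat.S_IXOTH)       # search the directory
        checks.append((cur, "search", ok))
        if not ok:
            return False, checks
        nxt = os.path.join(cur, todo.pop())
        if stat.S_ISLNK(os.lstat(nxt).st_mode):
            hops += 1
            if hops > 16:
                raise OSError("too many levels of symbolic links")
            text = os.readlink(nxt)                          # the 'link text'
            if text.startswith("/"):
                cur = "/"                                    # absolute target: restart at root
            todo.extend(split(text))                         # lookup continues with the new names
        else:
            cur = nxt
    ok = bool(os.stat(cur).st_mode & stat.S_IROTH)           # finally, the file itself
    checks.append((cur, "read", ok))
    return ok, checks

def demo():
    """Constructed tree: pub/bogus -> ../real/original, checked in three states."""
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)
    for d in ("real", "pub"):
        os.mkdir(os.path.join(base, d))
        os.chmod(os.path.join(base, d), 0o755)
    orig = os.path.join(base, "real", "original")
    open(orig, "w").close()
    os.symlink("../real/original", os.path.join(base, "pub", "bogus"))
    out = {}
    for label, dmode, fmode in [("file closed", 0o755, 0o600),
                                ("dir closed", 0o700, 0o644),
                                ("all open", 0o755, 0o644)]:
        os.chmod(os.path.join(base, "real"), dmode)
        os.chmod(orig, fmode)
        out[label] = walk_as_other("pub/bogus", cwd=base)
    return out
```

In the first two states the world-readable link in `pub` makes no difference: the last recorded check is the failed read on `original` or the failed search on `real`.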


Expert Comment

ID: 2011211
The system uses links as a yellow-page. It first looks for the file (inode) that is the symbolic link, so you must have the rights to access this file (path access). Once the system grants you to read this file it goes to the path it is written inside and the access control starts again for the new search process, so you have to be granted to access the destination (final file).


Imagine a link works like an index page.  To reach the file you first look for a name that ha
LVL 51

Expert Comment

ID: 2011212
Keep in mind that some UNIXes behave differently on symbolic links. Most handle them as any other inode, meaning they can assign and check the permissions, but some (like AIX) do not allow this (symbolic links always have permissions 777).
On such systems you have to take extreme care if a chmod changes permissions on the inode of the link, or the target it points to (very ugly):

Expert Comment

ID: 6821524
This question was awarded, but never cleared due to the JSP-500 errors of that time.  It was "stuck" against userID -1 versus the intended expert whom you awarded.  This corrects that and the expert will now receive these points, all verified.

Please click on your Member Profile, select "View Question History" to navigate through any open or locked questions you may have to update and finalize them.
Moderator @ Experts Exchange
