- 1Introduction
- 2Classic Permissions
- 3Simultaneous User- and Group-Ownership
- 4Restricted Delegation
- 5Absolute Paths and Path Components
- 6Directory Write-Permissions
- 7Directory Execute-Permissions
- 8Symbolic Links
- 9Hard Links
- 10"Does User X have Access to File Y?"
- 11Observations and Caveats
- 12A Partial Test Procedure
Symbolic Links
A user can create symbolic links in a directory with write permissions; they can point to arbitrary locations in the directory tree.
If a symbolic link is accessed, it is de-referenced to the path it points to. If accessing the file or directory the symbolic link points to, the access restrictions of that file or directory apply.
To test this, create a symbolic link to the plain file „test“ outside of „component1“:
ln -s /tmp/component1/component2/test /tmp/test-symlink
An attempt to access the file via symbolic link as unprivileged user fails:
sudo -u user3 cat /tmp/test-symlink
cat: /tmp/test-symlink: Permission denied
If a symbolic link points to a resource that does not exist or can not be accessed by the current user, the symbolic link will be reported to that user as „broken“.