Symbolic link not working as expected when changes user
These actions should result in an error message: Permission denied. The directory, `/tmp`, has permissions including the sticky bit. The error is a result of the kernel configuration for `fs.protected_symlinks`.

To show the setting, `sysctl fs.protected_symlinks`. This equals `1` when set. To disable temporarily, which is not recommended, `sysctl -w fs.protected_symlinks=0`. To turn off permanently, which is again not recommended, use `/etc/sysctl.conf`.
See patchwork.kernel.org for more information.
To avoid link rot, the leading summary paragraphs on symbolic links from the hyperlink follow.
Kees Cook - July 2, 2012, 8:17 p.m.
This adds symlink and hardlink restrictions to the Linux VFS.
Symlinks:
A long-standing class of security issues is the symlink-based time-of-check-time-of-use race, most commonly seen in world-writable directories like /tmp. The common method of exploitation of this flaw is to cross privilege boundaries when following a given symlink (i.e. a root process follows a symlink belonging to another user). For a likely incomplete list of hundreds of examples across the years, please see: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp
The solution is to permit symlinks to only be followed when outside a sticky world-writable directory, or when the uid of the symlink and follower match, or when the directory owner matches the symlink's owner.
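As an added example (not part of the answer above or of the kernel patch), this Python script re-implements the three rules just quoted so you can check, for a given symlink owner, directory owner/mode and follower uid, whether the kernel would follow the link or return Permission denied. It also replays the sequence from the comments below; the postgres uid (999) and root uid (0) it uses are constructed for the example, not read from the system.

```python
import os
import stat

# Mode bits that together mark a directory like /tmp: sticky and world-writable.
STICKY_WORLD_WRITABLE = stat.S_ISVTX | stat.S_IWOTH


def symlink_follow_allowed(link_uid, parent_uid, parent_mode, follower_uid):
    """Reproduce the fs.protected_symlinks=1 decision: True if the kernel
    would follow the link, False if it fails with EACCES (Permission denied).
    The three rules are the ones quoted from the patch, in kernel order."""
    # Rule 1: the symlink owner is the uid of the process following it.
    if link_uid == follower_uid:
        return True
    # Rule 2: the containing directory is not both sticky and world-writable.
    if (parent_mode & STICKY_WORLD_WRITABLE) != STICKY_WORLD_WRITABLE:
        return True
    # Rule 3: the directory owner also owns the symlink.
    return parent_uid == link_uid


def explain_symlink(path, follower_uid=None):
    """Inspect a symlink on disk and report whether and why it is blocked."""
    if follower_uid is None:
        follower_uid = os.geteuid()
    link = os.lstat(path)
    if not stat.S_ISLNK(link.st_mode):
        return True, f"{path}: not a symlink, protected_symlinks does not apply"
    parent_dir = os.path.dirname(os.path.abspath(path))
    parent = os.stat(parent_dir)
    allowed = symlink_follow_allowed(link.st_uid, parent.st_uid,
                                     parent.st_mode, follower_uid)
    return allowed, (f"{path}: link uid={link.st_uid}, {parent_dir} uid={parent.st_uid} "
                     f"mode={oct(stat.S_IMODE(parent.st_mode))}, follower uid="
                     f"{follower_uid}: {'followed' if allowed else 'EACCES'}")


def replay_comment_scenario():
    """Replay the comment's /tmp/file.txt sequence with constructed uids
    (root=0, postgres=999, chosen for the example, not read from the system)."""
    root, postgres = 0, 999
    tmp = stat.S_IFDIR | 0o1777  # /tmp: root-owned, sticky, world-writable
    return {
        "sudo ln, then sudo more": symlink_follow_allowed(root, root, tmp, root),
        "chown -h postgres, then sudo more": symlink_follow_allowed(postgres, root, tmp, root),
        "chown -h postgres, then more as postgres": symlink_follow_allowed(postgres, root, tmp, postgres),
        "same link in a 0755 directory": symlink_follow_allowed(postgres, root, stat.S_IFDIR | 0o755, root),
    }
```

`replay_comment_scenario()` shows that only the `chown -h postgres` plus `sudo more` step is denied, and that reading as postgres (rule 1) or moving the link out of a sticky world-writable directory (rule 2) both pass; `explain_symlink("/tmp/file.txt")` gives the same verdict for a real link on a live system.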
Updated on September 18, 2022

Comments
- Peter Krauss, almost 2 years:

  Symbolic link not working, using standard UBUNTU 16 LTS... It shows "Permission denied" where I expected to get access, not working even after `chown`. Full example:

  ```bash
  sudo rm /tmp/file.txt                            # if exist, remove
  cd ~
  sudo chmod 666 data/file.txt
  ls -l data/file.txt                              # "-rw-rw-rw-" as expected
  more data/file.txt                               # working fine
  sudo ln -sf $PWD/data/file.txt /tmp/file.txt     # fine
  ls -l /tmp/file.txt                              # "lrwxrwxrwx", /tmp/file.txt -> /home/thisUser/file.txt
  more /tmp/file.txt                               # fine
  sudo chown -h postgres:postgres /tmp/file.txt
  sudo more /tmp/file.txt                          # NOT WORK! but it is sudo! and 666!
  ```
- thrig, over 7 years: What does "NOT WORK" mean?
- Ali Hassan, over 7 years: I guess what you want is: `sudo chown postgres:postgres /tmp/file.txt`
- Peter Krauss, over 7 years: hum.. yes, `sudo sysctl fs.protected_symlinks` is `1`... I try `sudo sysctl -w fs.protected_symlinks=0` and ... Perfect! `more /tmp/file.txt` works! Ok... As it is dangerous, rapidly `sudo sysctl -w fs.protected_symlinks=1` (and permission denied back as expected)... Well, no other workaround? I can't do a `cp` for a file that changes all time....