Symbolic link not working as expected when changes user


These actions should result in an error message: Permission denied. The directory, /tmp, has permissions including the sticky bit. The error is a result of the kernel configuration for fs.protected_symlinks.

To show the setting, sysctl fs.protected_symlinks. This equals 1 when set. To disable temporarily, which is not recommended, sysctl -w fs.protected_symlinks=0. To turn off permanently, which is again not recommended, use /etc/sysctl.conf.

See patchwork.kernel.org for more information.

To avoid link rot, the leading summary paragraphs on symbolic links from the hyperlink follow.

Kees Cook - July 2, 2012, 8:17 p.m.

This adds symlink and hardlink restrictions to the Linux VFS.

Symlinks:

A long-standing class of security issues is the symlink-based time-of-check-time-of-use race, most commonly seen in world-writable directories like /tmp. The common method of exploitation of this flaw is to cross privilege boundaries when following a given symlink (i.e. a root process follows a symlink belonging to another user). For a likely incomplete list of hundreds of examples across the years, please see: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp

The solution is to permit symlinks to only be followed when outside a sticky world-writable directory, or when the uid of the symlink and follower match, or when the directory owner matches the symlink's owner.


Author by

Peter Krauss


Updated on September 18, 2022
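
The follow rule from the patch summary quoted in the answer, modelled in Python as an added example (not code from this page or from the kernel). It replays the three states of the question's symlink using constructed uids (root 0, a user 1000, postgres 115) and assumes /tmp is a root-owned directory with mode 1777; `may_follow` and `check_symlink` are hypothetical names.

```python
import os
import stat

# Parent-directory bits that put a symlink under the restriction.
STICKY_WORLD_WRITABLE = stat.S_ISVTX | stat.S_IWOTH


def may_follow(dir_mode, dir_uid, link_uid, follower_uid, protected=True):
    """Return (allowed, reason) for following a symlink under the quoted rule."""
    if not protected:
        return True, "fs.protected_symlinks=0"
    if follower_uid == link_uid:
        return True, "follower owns the symlink"
    if (dir_mode & STICKY_WORLD_WRITABLE) != STICKY_WORLD_WRITABLE:
        return True, "directory is not sticky and world-writable"
    if dir_uid == link_uid:
        return True, "directory owner owns the symlink"
    # The rule has no exemption for root, which is why `sudo more` fails too.
    return False, "Permission denied"


def check_symlink(path, follower_uid, protected=True):
    """Apply may_follow() to a real symlink, using lstat on it and stat on its parent."""
    link = os.lstat(path)
    if not stat.S_ISLNK(link.st_mode):
        raise ValueError(f"{path} is not a symbolic link")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    return may_follow(parent.st_mode, parent.st_uid, link.st_uid,
                      follower_uid, protected)


if __name__ == "__main__":
    TMP_MODE = 0o41777                   # drwxrwxrwt, assumed owned by root
    ROOT, USER, POSTGRES = 0, 1000, 115  # constructed uids
    steps = [
        ("link made with sudo ln, read by user", ROOT, USER),
        ("after chown -h postgres, read with sudo", POSTGRES, ROOT),
        ("after chown -h postgres, read by postgres", POSTGRES, POSTGRES),
    ]
    for label, link_uid, follower in steps:
        allowed, reason = may_follow(TMP_MODE, ROOT, link_uid, follower)
        print(f"{label}: {'OK' if allowed else 'DENIED'} ({reason})")
```
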

Comments

  • Peter Krauss almost 2 years

    Symbolic link not working, using standard UBUNTU 16 LTS... It shows "Permission denied" where I expected to get access, not working even after chown.

    Full example:

    sudo rm /tmp/file.txt  # if exist, remove
    
    cd ~
    sudo chmod 666 data/file.txt
    ls -l data/file.txt    # "-rw-rw-rw-" as expected
    more data/file.txt     # working fine
    sudo ln -sf $PWD/data/file.txt /tmp/file.txt  # fine
    ls -l /tmp/file.txt    # "lrwxrwxrwx",  /tmp/file.txt -> /home/thisUser/file.txt
    more /tmp/file.txt     # fine
    
    sudo chown -h postgres:postgres /tmp/file.txt
    
    sudo more /tmp/file.txt   #  NOT WORK! but it is sudo! and 666!
    
    • thrig over 7 years
      What does "NOT WORK" mean?
    • Ali Hassan over 7 years
      I guess what you want is: sudo chown postgres:postgres /tmp/file.txt
  • Peter Krauss over 7 years
    hum.. yes sudo sysctl fs.protected_symlinks is 1... I tried sudo sysctl -w fs.protected_symlinks=0 and ... Perfect! more /tmp/file.txt works! Ok... As it is dangerous, rapidly sudo sysctl -w fs.protected_symlinks=1 (and permission denied is back as expected)... Well, no other workaround? I can't do a cp for a file that changes all the time....