Is there any way that I can make a symlink readonly, as in non-deletable?
At the moment, even symlinks created as root are deletable by mortal users.
Consider this:
Code:
[root@earth andy]# ln -s blabla-1.0.1 testlink
[root@earth andy]# ls -alh testlink
lrwxrwxrwx 1 root root 12 2007-10-20 17:15 testlink -> blabla-1.0.1
[root@earth andy]# exit
exit
[andy@earth ~]$ unlink testlink
[andy@earth ~]$ ls -alh testlink
ls: cannot access testlink: No such file or directory
Changing the attributes on the link, by using chmod only results in the attributes of the destination being changed, not of the actual link.
Since many things in Linux are dependent on symlinks, this looks to be an easy exploit to break a system, just log on as user, and start deleting all the symlinks that
Code:
find -type l
throws at you, including, especially, those found in /dev
Does any one of you know how to make the actual symlink readonly?
Oddly enough, when I look at the properties of a symlink from my desktop, I am shown the permissions of the destination file.
When I do an ls -al, it shows the properties of the symlink itself, which is like you noted: lrwxrwxrwx.
Best as I can tell, the symlinks created anywhere take on the properties of the actual linked file. Therefore regardless of WHO creates a symlink, the symlink itself can be deleted by anyone who has WRITE PERMISSIONS to the location of the symlink, but the actual file itself can't be deleted so easily.
Since most or all of the symlinks lying about a system which the system depends on are in ROOT-WRITEABLE locations, it would seem difficult to do any significant damage to a system through the deletion of symlinks by a malicious user. As a particular example, symlinks in /dev are subject to the read/write permissions of the /dev folder, and therefore not deletable by regular users.
FWIW I tried to CHMOD and CHOWN a symlink, and the effects of each attempt were transferred to the actual linked file, while the symlink itself remained as it had been.
Last edited by GrapefruiTgirl; 10-20-2007 at 12:22 PM.
To delete a file, the permissions on the file are not actually crucial - instead the permissions of the directory in which the file resides are the important ones. If a user has write permission to a directory, she can move and erase files in that directory, even if they are owned by another user and have file-permissions which prohibit writing by other users (although mv and rm will issue a warning about this if the -f option is not used).
The exception is if the so-called "sticky bit" is set for the directory. In this case, users can only rename and remove files they own. An example of a common place where the sticky bit is set is the /tmp directory.
Code:
% ls -ld .
drwxr-xr-x 15 matthew matthew 4096 2007-10-20 21:41 ./
% id
uid=1000(matthew) gid=1000(matthew) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),104(scanner),108(lpadmin),110(admin),115(netdev),117(powerdev),1000(matthew)
% sudo touch testfile
% ls -l testfile
-rw-r--r-- 1 root root 0 2007-10-20 21:42 testfile
% rm -f testfile
% ls -l testfile
ls: testfile: No such file or directory
Symlinks do not have their own permissions values; instead they inherit the permissions of the file which they link to. In ls listings symlink permissions are shown as "lrwxrwxrwx". Using the -H option you can ask to see the permissions of the target file.
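Added example, not part of any post in this thread: a shell audit that applies the directory-permission and sticky-bit rules described above to report which symlinks under a tree can be removed by users other than the directory owner. The function names (dir_mode, link_exposure, audit_links) are illustrative, and the check assumes the usual 10-character mode string printed by ls -ld.

```shell
#!/bin/sh
# Added example: the names below (dir_mode, link_exposure, audit_links)
# are illustrative, not from the thread.

# Print the 10-character mode string of a directory, e.g. "drwxrwxrwt".
dir_mode() {
    ls -ld -- "$1" | cut -c1-10
}

# link_exposure PATH prints who can unlink PATH, judged only from the
# mode bits of its parent directory. ACLs are not consulted, and a write
# bit without the search bit is still reported as writable.
#   protected  only the directory owner (and root) can write to it
#   sticky     writable by others, but sticky: only the link's owner,
#              the directory's owner, or root may remove the link
#   group      group-writable, no sticky bit
#   exposed    world-writable, no sticky bit: any user can remove it
link_exposure() {
    mode=$(dir_mode "$(dirname -- "$1")")
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_w=$(printf '%s' "$mode" | cut -c9)
    last=$(printf '%s' "$mode" | cut -c10)
    if [ "$group_w" != w ] && [ "$other_w" != w ]; then
        echo protected
    elif [ "$last" = t ] || [ "$last" = T ]; then
        echo sticky
    elif [ "$other_w" = w ]; then
        echo exposed
    else
        echo group
    fi
}

# audit_links DIR prints "exposure<TAB>path" for every symlink under DIR.
audit_links() {
    find "$1" -type l | while IFS= read -r link; do
        printf '%s\t%s\n' "$(link_exposure "$link")" "$link"
    done
}

# Run as: sh script.sh /some/dir
if [ "$#" -gt 0 ]; then
    audit_links "$1"
fi
```

Lines reported as exposed or group are the ones to fix, by tightening the parent directory's mode or setting its sticky bit; the mode shown on the link itself plays no part in the result.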