I have 2 users in my machine: linuxlite and otheruser. otheruser has a file:
otheruser@linuxlite:~$ ls -l a
-rw-rw-r-- 1 otheruser otheruser 6 Mar 31 12:47 a
otheruser@linuxlite:~$ cat a
hello
linuxlite made a file and a symlink in /tmp:
otheruser@linuxlite:~$ ls -l /tmp/file /tmp/link
-rw-rw-r-- 1 linuxlite linuxlite 3 Mar 31 12:49 /tmp/file
lrwxrwxrwx 1 linuxlite linuxlite 17 Mar 31 12:49 /tmp/link -> /home/otheruser/a
Now, although otheruser can read /tmp/file and /home/otheruser/a, he cannot read /tmp/link:
otheruser@linuxlite:~$ cat /tmp/file
hi
otheruser@linuxlite:~$ cat /home/otheruser/a
hello
otheruser@linuxlite:~$ cat /tmp/link
cat: /tmp/link: Permission denied
My question is, why cannot otheruser read a symlink owned by linuxlite if he can read the target and also another file owned by him in the same directory as the symlink?
If it matters, then the permissions on /tmp are:
otheruser@linuxlite:~$ ls -l -d /tmp
drwxrwxrwt 9 root root 4096 Mar 31 13:17 /tmp
Distribution is Linux Lite 3.0, kernel is: Linux 4.4.0-21.generic (i686)
Best Answer
Linux Lite is based on Ubuntu, which restricts symlinks in world-writable sticky directories (including /tmp): symlinks there can only be dereferenced by their owner.
If you create the symlink elsewhere (in /home/linuxlite for example) you’ll be able to dereference it in the way you expect.
(Ubuntu isn’t the only distribution to behave in this way; I mentioned the connection between Linux Lite and Ubuntu because the documentation for this is seemingly Ubuntu-specific.)
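The restriction described in the answer is controlled on Linux by the fs.protected_symlinks sysctl. As an added example (not part of the original question or answer), the shell functions below model that rule so a denied follow like the one on /tmp/link can be explained from the link owner, the directory mode and the directory owner. It goes slightly beyond the answer's wording: the kernel also permits the follow when the link's owner is the owner of the directory. The function names are hypothetical, and the UIDs used with them are constructed.

```shell
#!/bin/sh
# Added example: models the fs.protected_symlinks rule; not code from the page.

# may_follow PROTECTED FOLLOWER_UID LINK_UID DIR_MODE DIR_UID
# Returns 0 if the rule lets FOLLOWER_UID follow the link, 1 if it denies.
# DIR_MODE is the octal mode of the directory holding the link (e.g. 1777).
may_follow() {
    protected=$1 follower=$2 link_uid=$3 dir_mode=$4 dir_uid=$5

    # Sysctl set to 0: only the ordinary permission checks apply.
    [ "$protected" = "0" ] && return 0

    # The rule applies only if the directory is sticky (01000)
    # AND world-writable (0002), as /tmp with mode 1777 is.
    [ $(( 0$dir_mode & 01002 )) -eq $(( 01002 )) ] || return 0

    # Allowed when the follower owns the symlink.
    [ "$follower" = "$link_uid" ] && return 0

    # Allowed when the directory's owner owns the symlink.
    [ "$dir_uid" = "$link_uid" ] && return 0

    return 1
}

# explain_link PATH: apply the rule to a real symlink for the current user.
explain_link() {
    link=$1
    [ -L "$link" ] || { echo "$link: not a symlink"; return 2; }
    dir=$(dirname -- "$link")
    # A missing sysctl file is treated as "restriction off" (assumption).
    protected=$(cat /proc/sys/fs/protected_symlinks 2>/dev/null || echo 0)
    if may_follow "$protected" "$(id -u)" "$(stat -c %u -- "$link")" \
                  "$(stat -c %a -- "$dir")" "$(stat -c %u -- "$dir")"; then
        echo "$link: follow allowed by the protected_symlinks rule"
    else
        echo "$link: follow denied (sticky world-writable directory," \
             "link owned by another user)"
    fi
}
```

Running `explain_link /tmp/link` as otheruser reports the denial seen in the question; the ordinary read permission on the target is checked separately and is not modelled here.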