Permissions of symlinks inside /tmp

Tags: permission denied, permissions, symlink, tmp

I have 2 users in my machine: linuxlite and otheruser.

otheruser has a file:

otheruser@linuxlite:~$ ls -l a
-rw-rw-r-- 1 otheruser otheruser 6 Mar 31 12:47 a
otheruser@linuxlite:~$ cat a
hello

linuxlite made a file and a symlink in /tmp:

otheruser@linuxlite:~$ ls -l /tmp/file /tmp/link
-rw-rw-r-- 1 linuxlite linuxlite  3 Mar 31 12:49 /tmp/file
lrwxrwxrwx 1 linuxlite linuxlite 17 Mar 31 12:49 /tmp/link -> /home/otheruser/a

Now, although otheruser can read /tmp/file and /home/otheruser/a, he cannot read /tmp/link:

otheruser@linuxlite:~$ cat /tmp/file
hi
otheruser@linuxlite:~$ cat /home/otheruser/a
hello
otheruser@linuxlite:~$ cat /tmp/link
cat: /tmp/link: Permission denied

My question is, why cannot otheruser read a symlink owned by linuxlite if he can read the target and also another file owned by him in the same directory as the symlink?

If it matters, then the permissions on /tmp are:

otheruser@linuxlite:~$ ls -l -d /tmp
drwxrwxrwt 9 root root 4096 Mar 31 13:17 /tmp

Distribution is Linux Lite 3.0, kernel is: Linux 4.4.0-21.generic (i686)

Best Answer

Linux Lite is based on Ubuntu, which restricts symlinks in world-writable sticky directories (including /tmp): symlinks there can only be dereferenced by their owner.

If you create the symlink elsewhere (in /home/linuxlite for example) you’ll be able to dereference it in the way you expect.

(Ubuntu isn’t the only distribution to behave in this way; I mentioned the connection between Linux Lite and Ubuntu because the documentation for this is seemingly Ubuntu-specific.)
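As an added example (not part of the question or the answer above): the setting behind this behaviour is the kernel's fs.protected_symlinks sysctl, whose documented rule is that a symlink inside a sticky, world-writable directory may be followed only by the link's owner, or when the directory's owner also owns the link. The POSIX shell function below reproduces that check so the outcome from the question can be predicted; the uids are constructed for illustration and the user names are the ones from the question.

```shell
#!/bin/sh
# Added example; mirrors the kernel's fs.protected_symlinks decision.
# Uids used below are constructed: root=0, linuxlite=1000, otheruser=1001.

# symlink_follow_allowed PROTECTED DIR_MODE DIR_UID LINK_UID CALLER_UID
#   PROTECTED  : value of /proc/sys/fs/protected_symlinks (0 or 1)
#   DIR_MODE   : octal mode of the directory holding the link (e.g. 1777)
#   DIR_UID    : uid owning that directory
#   LINK_UID   : uid owning the symlink itself (not its target)
#   CALLER_UID : uid of the process dereferencing the link
# Prints "allowed" or "denied"; the exit status is always 0.
symlink_follow_allowed() {
    protected=$1 dir_mode=$2 dir_uid=$3 link_uid=$4 caller_uid=$5
    # With the sysctl off, ordinary permission checks on the target apply.
    if [ "$protected" -eq 0 ]; then echo allowed; return 0; fi
    # Leading 0 makes the shell parse the mode string as octal.
    mode=$(( 0$dir_mode ))
    sticky=$(( mode & 01000 ))     # sticky bit
    world_w=$(( mode & 02 ))       # world-writable bit
    if [ "$sticky" -eq 0 ] || [ "$world_w" -eq 0 ]; then
        echo allowed; return 0     # not a sticky world-writable directory
    fi
    # Inside such a directory: the follower or the directory owner must own the link.
    if [ "$caller_uid" -eq "$link_uid" ] || [ "$dir_uid" -eq "$link_uid" ]; then
        echo allowed; return 0
    fi
    echo denied; return 0
}

# Report the live setting on this host, if /proc is readable.
current_setting() {
    cat /proc/sys/fs/protected_symlinks 2>/dev/null || echo unavailable
}

echo "fs.protected_symlinks on this host: $(current_setting)"
# /tmp is root-owned with mode 1777; /tmp/link is owned by linuxlite (1000).
echo "otheruser reads /tmp/link:          $(symlink_follow_allowed 1 1777 0 1000 1001)"
echo "linuxlite reads /tmp/link:          $(symlink_follow_allowed 1 1777 0 1000 1000)"
# Same link placed in /home/linuxlite (mode 755, owned by linuxlite) instead.
echo "otheruser reads ~linuxlite/link:    $(symlink_follow_allowed 1 755 1000 1000 1001)"
```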