Why can’t I change permission on a symlink on Mac

macintoshpermissions

Simple question and there is perhaps a simple answer.

I have several directories in my home folder that I would like to make available as a directory on my webserver. So, what I did was to create a symlink:

iMac:/Library/WebServer/Documents/ ls -ltr
-rw-rw-r--  1 root      admin     44 Nov 20  2004 index.html.en
-rw-rw-r--  1 root      admin  31958 May 18  2009 PoweredByMacOSXLarge.gif
-rw-rw-r--  1 root      admin   3726 May 18  2009 PoweredByMacOSX.gif
-rwxr-xr-x  1 mego  admin      0 Jan  6  2011 favicon.ico
lrwxrwxr-x  1 mego  admin     52 Jul 26 13:45 myadmin -> /Users/mego/Downloads/phpMyAdmin-3.4.3.2-english
iMac:/Library/WebServer/Documents/ ln -s /Users/mego/opt/rel/src/main/web/ rel
iMac:/Library/WebServer/Documents/ ls -ltr
-rw-rw-r--  1 root      admin     44 Nov 20  2004 index.html.en
-rw-rw-r--  1 root      admin  31958 May 18  2009 PoweredByMacOSXLarge.gif
-rw-rw-r--  1 root      admin   3726 May 18  2009 PoweredByMacOSX.gif
-rwxr-xr-x  1 mego  admin      0 Jan  6  2011 favicon.ico
lrwxrwxr-x  1 mego  admin     52 Jul 26 13:45 myadmin -> /Users/mego/Downloads/phpMyAdmin-3.4.3.2-english
lrwxrwx---  1 mego  admin     47 Oct 12 09:58 rel -> /Users/mego/opt/rel/src/main/web/

Permissions on /Users/mego/opt/rel are recursively set to a+rx so everybody can read and execute.

When I try to change the permission, i.e. "chmod a+rx rel" and "chmod -R a+rx /Users/mego/opt/rel", zero effect.

The output of

ls -ld / /Users /Users/mego /Users/mego/opt /Users/mego/opt/rel /Users/mego/opt/rel/src /Users/mego/opt/rel/src/main /Users/mego/opt/rel/src/main/web

iMac:~/ ls -ld / /Users /Users/mego /Users/mego/opt /Users/mego/opt/rel /Users/mego/opt/rel/src /Users/mego/opt/rel/src/main /Users/mego/opt/rel/src/main/web
drwxrwxr-t@ 39 root      admin  1394 Sep 14 15:30 /
drwxr-xr-x   7 root      admin   238 Aug 29 10:04 /Users
drwxr-xr-x+ 98 mego  staff  3332 Oct 15 10:59 /Users/mego
drwxrwxr-x  19 mego  staff   646 Oct 14 20:47 /Users/mego/opt/rel
drwxrwxr-x   5 mego  staff   170 May 31 08:01 /Users/mego/opt/rel/src
drwxrwxr-x   6 mego  staff   204 Oct 12 08:42 /Users/mego/opt/rel/src/main
drwxrwxr-x   5 mego  staff   170 Oct 12 08:42 /Users/mego/opt/rel/src/main/web
iMac:~/

Must be something related to users home folder. But strangely enough, another folder "myadmin" has correct permissions and it works. What am I doing wrong?

Thank you in advance.

Best Answer

/Users/mego has an ACL that may be preventing access. That's what the + after the traditional unix permissions on the output of ls -l for this directory indicates. Run ls -lde /Users/mego to view this ACL.

Note that if a user is denied access to /Users/mego (what matters is the executable bit), it won't have access to anything under it. So if the web server user doesn't have execution permission /Users/mego, it doesn't matter that /Users/mego/opt/rel is world-readable: the web server user won't be able to reach that far. It doesn't matter that a symbolic link is involved, either: access through a symbolic link involves traversing the path to the target.

Use chmod to manipulate the ACL. The examples in the man page should get you going (if you can't figure out what you need from the examples, ask here, and post the output of ls -lde /Users/mego).

Related Solutions

File Permissions – How to Change File Permissions on USB Drive

Yes, this can occur if your device is formatted with a filesystem that does not support that kind of permission setting, such as VFAT. In those cases, the umask is made up on the fly from a setting in the fstab (or the hotplugging equivalent).

See, most probably, man mount for details. For example, for VFAT, we find:

Mount options for fat

uid=value and gid=value

Set the owner and group of all files. (Default: the uid and gid of the current process.)

umask=value

Set the umask (the bitmask of the permissions that are not present). The default is the umask of the current process. The value is given in octal.

etc.

Permissions Symlink – How to Change Symlink Permissions

Some systems support changing the permission of a symbolic link, others do not.

chmod -- change file modes or Access Control Lists (OSX and FreeBSD, using -h)

-h If the file is a symbolic link, change the mode of the link itself rather than the file that the link points to.
chmod - change file mode bits (Linux)

chmod never changes the permissions of symbolic links; the chmod system call cannot change their permissions. This is not a problem since the permissions of symbolic links are never used. However, for each symbolic link listed on the command line, chmod changes the permissions of the pointed-to file. In contrast, chmod ignores symbolic links encountered during recursive directory traversals.

Since the feature differs, POSIX does not mention the possibility.

From comments, someone suggests that a recent change to GNU coreutils provides the -h option. At the moment, that does not appear in the source-code for chmod:

  while ((c = getopt_long (argc, argv,
                           ("Rcfvr::w::x::X::s::t::u::g::o::a::,::+::=::"
                            "0::1::2::3::4::5::6::7::"),
                           long_options, NULL))

and long_options has this:

static struct option const long_options[] =
{
  {"changes", no_argument, NULL, 'c'},
  {"recursive", no_argument, NULL, 'R'},
  {"no-preserve-root", no_argument, NULL, NO_PRESERVE_ROOT},
  {"preserve-root", no_argument, NULL, PRESERVE_ROOT},
  {"quiet", no_argument, NULL, 'f'},
  {"reference", required_argument, NULL, REFERENCE_FILE_OPTION},
  {"silent", no_argument, NULL, 'f'},
  {"verbose", no_argument, NULL, 'v'},
  {GETOPT_HELP_OPTION_DECL},
  {GETOPT_VERSION_OPTION_DECL},
  {NULL, 0, NULL, 0}
};

Permissions are set with chmod. Ownership is set with chown. GNU coreutils (like BSD) supports the ability to change a symbolic link's ownership. This is a different feature, since the ownership of a symbolic link is related to whether one can modify the contents of the link (and point it to a different target). Again, this started as a BSD feature (OSX, FreeBSD, etc), which is also supported with Linux (and Solaris, etc). POSIX says of this feature:

-h
For each file operand that names a file of type symbolic link, chown shall attempt to set the user ID of the symbolic link. If a group ID was specified, for each file operand that names a file of type symbolic link, chown shall attempt to set the group ID of the symbolic link.

So much for the command-line tools (and shell scripts). However, you could write your own utility, using a feature of POSIX which is not mentioned in the discussion of the chmod utility:

int chmod(const char *path, mode_t mode);
int fchmodat(int fd, const char *path, mode_t mode, int flag);

The latter function adds a flag parameter, which is described thus:

Values for flag are constructed by a bitwise-inclusive OR of flags from the following list, defined in <fcntl.h>:

AT_SYMLINK_NOFOLLOW
If path names a symbolic link, then the mode of the symbolic link is changed.

That is, the purpose of fchmodat is to provide the feature you asked about. But the command-line chmod utility is documented (so far) only in terms of chmod (without this feature).

fchmodat, by the way, appears to have started as a poorly-documented feature of Solaris which was adopted by the Red Hat and GNU developers ten years ago, and suggested by them for standardization:

According to The Linux Programming Interface, since 2.6.16, Linux supports AT_SYMLINK_NOFOLLOW in these calls: faccessat, fchownat, fstatat, utimensat, and linkat was implemented in 2.6.18 (both rather "old": 2006, according to OSNews).

Whether the feature is useful to you, or not, depends on the systems that you are using.

Best Answer

Related Solutions

File Permissions – How to Change File Permissions on USB Drive

Permissions Symlink – How to Change Symlink Permissions

Related Question