System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

File permissions of symbolic links on Tru64 UNIX

Ray Browder
Advisor

File permissions of symbolic links on Tru64 UNIX

I am only pursuing this because I have started running a mandated security monitoring program that is warining me about the symbolic links.

I've read the various notes about the futility of trying to change the permissions of symbolic links. I accept this.

I've also read the notes about the umask affecting the permissions of the symbolic links. I have not been able to recreate this.

My questions are: I have seen symbolic links on my Tru64 V5.1 and V5.1A systems that are either 755 or 777. How were the 755 symbolic links created? My umask was 022 when I created several symbolic links, but the links came out 777.

I've read the notes about lchmod, this is not on Tru64 as a command or in the libraries. (It is on HP-UX, FreeBSD, others?)

I have tried this on several other UNIX systems: Solaris, IRIX, AIX, and Linux(Alpha). Only on the IRIX system does the umask affect the permissions of the symbolic link. The other systems set the permissions to 777.

Thanks,
Ray
5 REPLIES
Michael Schulte zur Sur
Honored Contributor

Re: File permissions of symbolic links on Tru64 UNIX

Hi,

I would assume, that they are only created by the installation and probably by mistake. chmod does not change access. I wonder, why your programme would see 777 on links as risk. The access on the file pointed to should be regulated by it's access and you can't delete a link, if you do not have the right to delete in the directory.

greetings,

Michael
Ann Majeske
Honored Contributor

Re: File permissions of symbolic links on Tru64 UNIX

Hi Ray,

There was a bug such that Default ACLs would affect the permissions set on symbolic links. I don't remember if the fix for this bug went into the current or next patch kit for V5.1A and V5.1B. But, it really doesn't matter. Tru64 UNIX IGNORES the permissions set on a symbolic link. It always acts as if the permissions on the symbolic link are 777 and only uses the permissions of the target of the link.

Ann
Ray Browder
Advisor

Re: File permissions of symbolic links on Tru64 UNIX

On HP-UX, IRIX, and Free-BSD the symbolic link permissions are either not forced to 777 or are changeable with lchmod. I suspect that this is part of the reason why the 777 permissions are considered to be a problem.

I wonder how a mistake could be made that would set the symbolic link permissions to 755.

I suspect I will have to explain why links are set to 777. The existance of 755 links doesn't help.

Regards,
Ray
Ray Browder
Advisor

Re: File permissions of symbolic links on Tru64 UNIX

I think I've found an answer from the web.

I wrote a quick C program using the symlink(2) subroutine. It has enabled me to create symbolic links with permissions other than 777.

Simlink(2) uses the umask, while ln(1) ignores it for symbolic links.

Does anyone know why ln(1) ignores the umask?

Is there anything in Tru64 that depends on the symbolic link permissions being set to 777?

Thanks,
Ray
Ray Browder
Advisor

Re: File permissions of symbolic links on Tru64 UNIX

One more thing (then I'll stop, really. :).

I did a find for ln on my system. I found four ln files. Of the four files, two are identical.

Of these files, only one version follows the umask. It is: /usr/opt/s5/bin/ln

The four ln's are:

/bin/ln
/sbin/ln
/usr/bin/ln
/usr/opt/s5/bin/ln

Regards,
Ray