HPE Community
Operating System - HP-UX
1836570 Members
1668 Online
110102 Solutions
New Discussion

Re: Restrict modification of symbolic link

 
SOLVED
Go to solution
Vic S. Kelan
Regular Advisor

‎05-11-2005 04:33 AM

‎05-11-2005 04:33 AM

Restrict modification of symbolic link

Hi Experts,

Please I have a little task i am trying to achieve. I have a couple of clients who FTP to my server (HPUX 11)to:
1)Download files
2)upload files
3)Execute a script that is linked symbolically to for example /bin/magic.
This scrip is in the users home directory and this is what they have access to only when they connect.
I have had instances this symbolic link is "played" with by the user, e.g deleted etc.
How can I restrict this for the file and still enable read/write execute in the user folder...

......this is my first post )-:
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

‎05-11-2005 04:44 AM

‎05-11-2005 04:44 AM

Re: Restrict modification of symbolic link

Congrats on your first post.

If the other answers have value to you please assign points. None for me.

To your question.

When you create a symbolic link you should be root user.

The permissions should be ownership by root.

If the root umask is 027 or 022 when you run the ln -s command the regular users should not be able to delete the file.

Check ownership on the soft links and make sure root owns it.

chmod og-r

Should correct permission issues on the soft links.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎05-11-2005 04:49 AM

‎05-11-2005 04:49 AM

Re: Restrict modification of symbolic link

To SEP's answer I would add
Make sure the user (Not root) is owner or bin of the directory he need access in read/write and chmod 1777 so only the owners of the files can remove them...


All the best
Victor
0 Kudos
Reply
Vic S. Kelan
Regular Advisor

‎05-11-2005 05:47 AM

‎05-11-2005 05:47 AM

Re: Restrict modification of symbolic link

Hi SEP and Victor!

I Checked and found root doesnt own the link, the group the users belong to do!

So just to clarify, once I change ownership to root for the symbolic link. will my users still be able to execute the script? In addition the actual file /bin/magic does not belong to root as well but to the same user group, anything to be done on that? (sorry cant test now on my dev system till later today)

Also Victor am not sure I understand that I make the bin folder to be owned by my users? please could you explain what you mean about chmod to 1777, which directory do u refer? /bin/magic or the symbolic link in the users home directory linking /bin/magic?

thanks!!!!
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎05-11-2005 06:16 AM

‎05-11-2005 06:16 AM

Re: Restrict modification of symbolic link

Trying to be clear:
SEP suggests root to be owner of the link , not the file it points to...
My suggestion is that if the users are able to remove the link it is because of the permissions on that very directory the link is in, the chmod 1777 set the sticky bit so everyone can read/write but only remove files they own and since the link is owned by root now...


All the best
Victor
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎05-11-2005 06:18 AM

‎05-11-2005 06:18 AM

Solution

Re: Restrict modification of symbolic link

forgot
Im meant "the directory the link is in"


All the best
Victor
Reply
Vic S. Kelan
Regular Advisor

‎05-11-2005 06:28 AM

‎05-11-2005 06:28 AM

Re: Restrict modification of symbolic link

ahhhhh Thanks Victor, the bulb finally shines! ;-)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.