Date:      Wed, 27 Jul 2011 08:57:27 -0700
From:      perryh@pluto.rain.com
To:        s@samu.pl
Cc:        freebsd-hackers@freebsd.org, rwatson@freebsd.org
Subject:   Re: Finding symlink information in MAC Framework
Message-ID:  <4e303567.2SHj2vERr0n8Op6Q%perryh@pluto.rain.com>
In-Reply-To: <cdf7c352c5d4a2edc308a6e1ab7d63c0@samu.pl>
References:  <c0c76b43d88b48a8b354df409b5167e5@samu.pl> <alpine.BSF.2.00.1107250942340.51541@fledge.watson.org> <cdf7c352c5d4a2edc308a6e1ab7d63c0@samu.pl>

s <s@samu.pl> wrote:

> ... I am trying to compare the owner of the symlink to the owner
> of what the symlink points to ... At first I was trying to check
> whether some user is trying to create such a symlink ...

I've always considered the "ownership" and "permissions" of a
symlink to be an artifact of the implementation, rather than
having any real significance.

Symlinks did not exist in Bell Labs Unix, at least as of
6th edition.  IIUC they were invented at UCB to get around
the limitation that a hard link could not cross a physical
filesystem boundary (i.e. a mount point); symlinks would
not have been needed had the entire logical filesystem been
contained on a single, unpartitioned physical device because
hard links could have been used instead.

A hard link has no ownership or permissions of its own:  it is
just an additional directory entry pointing to the same inode
as the target's original directory entry.  (The permissions are
stored in the inode, not in the directory entry.)

Because the target of a symlink is (in the general case) not
in the same physical filesystem as the symlink itself, the
symlink has to be stored in its own inode -- and that inode,
like any other, has "ownership" and "permission" fields which
will inevitably contain some pattern of bits -- but it's not
clear to me that anything is gained by assigning a meaning to
those patterns.

Getting back to the original problem, suppose you had no mounted
filesystems (other than special cases like devfs or /proc), the
entire logical filesystem tree being stored on a single device, so
that any file on the system could be hard-linked into any directory
on the system.  How would you detect that "some user" had created a
_hard_ link to some arbitrary file?
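
The inode distinction drawn in the message above, as an added example that is not part of the original e-mail: it builds a constructed fixture (one file, one hard link, one symlink) and reads the metadata back with stat() and lstat(). The function name `link_metadata_demo`, the helper `same_inode` and the `/tmp/lnkdemoXXXXXX` path are assumptions made for this illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* lstat(), symlink(), mkdtemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if both stat results describe the same inode on the same device. */
static int same_inode(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Builds a constructed fixture in a temp dir and reports what the
 * inode metadata shows. Returns a bitmask, or -1 on setup failure:
 *   1 = hard link shares the original's inode (st_nlink == 2)
 *   2 = symlink has an inode of its own, of type S_IFLNK
 *   4 = symlink's owner uid equals its target's owner uid        */
int link_metadata_demo(void)
{
    char dir[] = "/tmp/lnkdemoXXXXXX";      /* constructed sample path */
    char file[64], hard[64], soft[64];
    struct stat f, h, s;
    int result = -1;
    FILE *fp;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(file, sizeof file, "%s/file", dir);
    snprintf(hard, sizeof hard, "%s/hard", dir);
    snprintf(soft, sizeof soft, "%s/soft", dir);

    if ((fp = fopen(file, "w")) != NULL) {
        fclose(fp);
        /* stat() follows links; lstat() describes the link's own inode. */
        if (link(file, hard) == 0 && symlink(file, soft) == 0 &&
            stat(file, &f) == 0 && lstat(hard, &h) == 0 && lstat(soft, &s) == 0) {
            result = 0;
            if (same_inode(&f, &h) && h.st_nlink == 2) result |= 1;
            if (!same_inode(&f, &s) && S_ISLNK(s.st_mode)) result |= 2;
            if (s.st_uid == f.st_uid) result |= 4;
        }
    }
    unlink(soft); unlink(hard); unlink(file); rmdir(dir);
    return result;
}

int main(void) { printf("bitmask: %d\n", link_metadata_demo()); return 0; }
```

In this fixture both names are created by the same user, so the uid comparison matches; the hard link carries no owner field of its own to compare at all.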


