4

Question:

Why am I not able to cd into a symlinked directory with 700 permissions, owned by a regular user, as root, when I am able to change into the directory itself?

Example:

ttucker@plato:/tmp# uname -a
Linux plato 4.4.0-140-generic #166~14.04.1-Ubuntu SMP Sat Nov 17 01:52:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

ttucker@plato:/tmp$ whoami
ttucker
ttucker@plato:/tmp$ mkdir -v test_dir
mkdir: created directory ‘test_dir’
ttucker@plato:/tmp$ chmod -v 700 test_dir
mode of ‘test_dir’ changed from 0775 (rwxrwxr-x) to 0700 (rwx------)
ttucker@plato:/tmp$ ln -s -v test_dir/ test_sym
‘test_sym’ -> ‘test_dir/’
ttucker@plato:/tmp$ ls -ld test_*
drwx------ 2 ttucker ttucker 4096 Mar 21 10:29 test_dir
lrwxrwxrwx 1 ttucker ttucker    9 Mar 21 10:29 test_sym -> test_dir/

ttucker@plato:/tmp$ sudo su -
root@plato:~# whoami
root
root@plato:~# cd /tmp/test_sym/
-su: cd: /tmp/test_sym/: Permission denied
root@plato:~# cd /tmp/test_dir/
root@plato:/tmp/test_dir# pwd
/tmp/test_dir

Other information:

This also happens on Redhat.

Jeff Schaller
Tim
  • This is https://unix.stackexchange.com/q/336625/5132 and https://unix.stackexchange.com/q/253959/5132 again. See also https://unix.stackexchange.com/a/506041/5132 . – JdeBP Mar 21 '19 at 18:50
  • @JdeBP Thanks! Once I knew what to look for it was easy to find :) – Tim Mar 21 '19 at 20:43

1 Answer

5

I couldn't find the answer here so I wanted to put this here for other people.

Answer:

The behavior here depends on the setting of /proc/sys/fs/protected_symlinks

root@plato:/tmp# cat /proc/sys/fs/protected_symlinks 
1

See also:

RedHat Bug 1034239 - root cannot deference symbolic links owned by another user

https://bugzilla.redhat.com/show_bug.cgi?id=1034239

Tim
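An added example, not part of the original answer: with protected_symlinks set to 1, the kernel follows a symlink in a sticky, world-writable directory only if the follower's uid matches the link's owner or the directory's owner matches the link's owner, and root is not exempt. The function names below are hypothetical, GNU stat is assumed, and the script encodes that rule so the `/tmp/test_sym` case can be checked.

```shell
#!/bin/sh
# Added example: reproduces the protected_symlinks decision for one symlink.
# Function names are hypothetical; GNU stat (-c) is assumed.

# may_follow PROTECTED DIR_MODE DIR_UID LINK_UID FOLLOWER_UID
# DIR_MODE is octal as printed by `stat -c %a`. Prints "allow" or "deny".
may_follow() {
    protected=$1; dir_mode=$2; dir_uid=$3; link_uid=$4; follower_uid=$5
    sticky_ww=$((01002))            # S_ISVTX (01000) | S_IWOTH (0002)

    # Protection switched off: only ordinary permission checks apply.
    if [ "$protected" != 1 ]; then echo allow; return; fi
    # Follower's uid (the kernel compares fsuid) matches the symlink's owner.
    if [ "$follower_uid" = "$link_uid" ]; then echo allow; return; fi
    # Parent directory is not both sticky and world-writable.
    if [ $(( 0$dir_mode & $sticky_ww )) -ne "$sticky_ww" ]; then echo allow; return; fi
    # Parent directory's owner matches the symlink's owner.
    if [ "$dir_uid" = "$link_uid" ]; then echo allow; return; fi
    echo deny                       # applies to uid 0 as well
}

# check_link PATH [FOLLOWER_UID]: read the real values and apply the rule.
check_link() {
    link=${1%/}                     # a trailing slash would dereference the link
    follower=${2:-$(id -u)}
    [ -L "$link" ] || { echo "not a symlink: $link" >&2; return 2; }
    parent=$(dirname -- "$link")
    prot=$(cat /proc/sys/fs/protected_symlinks 2>/dev/null || echo 0)
    may_follow "$prot" "$(stat -c %a -- "$parent")" "$(stat -c %u -- "$parent")" \
               "$(stat -c %u -- "$link")" "$follower"
}

# Usage: sh script.sh /tmp/test_sym 0
if [ $# -gt 0 ]; then check_link "$@"; fi
```

In the question's setup, `/tmp` is mode 1777 and owned by root while the link is owned by ttucker, so a follower with uid 0 matches neither owner check and the result is "deny".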