Re: copying files to a directory using symbolic link in linux

r.e.ballard_at_usa.net
Date: 11/16/05


Date: 16 Nov 2005 14:31:28 -0800

The short answer is "No".

In fact, it is just this type of "hacking" that is deliberately
prevented.

If your user is a member of a group, and that group has traverse (x)
permission on each of the directories in the path, and read access to
the actual file, then he can access using a symbolic link in /tmp.

If any portion of the path is blocked, and the user's group does not
have x permission, and there is no x permission to "others", then they
will be blocked.

This is very deliberate design and intended to keep people from doing
exactly what you have described above.

In other responses, there are very specific ways to give very specific
permissions to specific users or groups of users, but these must be
explicitly granted.

Think about it: if the file your friend was trying to access is YOUR
checking account, would you really want him to access it using a
symbolic link or mount simply because he had permission to a public
directory?

Let's make it more interesting. He has access to the account
information in that file, and you've just gotten your annual bonus. Do
you really want him buying himself a new HDTV using your credit card
and checking account information?

If the owner of this path didn't give you permission, you probably
don't want to be even attempting to create that symbolic link. Keep in
mind that if the Linux administrator has turned on accounting, and you
try to set up that link, and you try to access the protected file, the
log will show when you logged in, what IP address you came in from,
what user you were logged in as, when you created the symbolic link,
and the access violation. If this IP can be traced back to your ISP
and your ISP can trace the NAT address back to you - you could end up
in serious trouble.

You are trying to access confidential messages between members of the
purchasing department. That would probably be grounds for felony
computer trespassing, which can carry a 5-year prison term - just for
ATTEMPTING to break in.

Do you feel lucky?
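
The traversal rule described in the post above, as an added example that is not part of the original post: it resolves a symbolic link to its real path and reports, from the mode bits alone, which directory lacks traverse (x) permission for a given user. The names `allowed`, `audit_path` and `demo`, the temporary directory layout and the outsider uid are assumptions made for illustration; ACLs and root's override are not modelled.

```python
import os
import tempfile

def allowed(st, uid, gids, want):
    """Classic Unix check: only one of the owner/group/other triplets applies."""
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return (bits & want) == want

def audit_path(path, uid, gids):
    """Return [(component, ok)]: x on every directory of the resolved path,
    r on the final file. Mode bits only; ACLs and root are not modelled."""
    real = os.path.realpath(path)  # the link's own location grants nothing
    parts = real.strip(os.sep).split(os.sep)
    results, current = [], os.sep
    for name in [""] + parts[:-1]:
        current = os.path.join(current, name)
        results.append((current, allowed(os.stat(current), uid, gids, 1)))
    results.append((real, allowed(os.stat(real), uid, gids, 4)))
    return results

def demo():
    """Constructed layout: private/report.txt reached through public/link."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        private, public = os.path.join(base, "private"), os.path.join(base, "public")
        os.mkdir(private)
        os.mkdir(public)
        target, link = os.path.join(private, "report.txt"), os.path.join(public, "link")
        with open(target, "w") as f:
            f.write("constructed sample\n")
        os.chmod(target, 0o644)
        os.chmod(public, 0o777)
        os.symlink(target, link)
        outsider = (os.stat(target).st_uid + 1, set())  # hypothetical: not owner, no groups
        os.chmod(private, 0o750)  # no x for "others"
        closed = dict(audit_path(link, *outsider))
        os.chmod(private, 0o751)  # x explicitly granted to "others"
        opened = dict(audit_path(link, *outsider))
    return private, target, closed, opened

if __name__ == "__main__":
    private, target, closed, opened = demo()
    print("750:", closed[private], closed[target])
    print("751:", opened[private], opened[target])
```

Run against a real path, `audit_path` gives an administrator the first component where a given uid and group set would be stopped, which is the place to look when a link "should work" but does not.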


