On Sun, Mar 30, 2003 at 03:11:18AM -0500, David Banning wrote:
I have these links from my web directory;
root# cd /usr/local/www/data/fax/
root# ls -l
lrwxr-xr-x 1 root wheel 18 Mar 29 16:37 chantelle -> /usr/chantelle/fax
lrwxrwxrwx 1 root wheel 14 Mar 10 00:15 david -> /usr/david/fax
I can't change the permissions on them. It's because the permissions
are dependent on the linked directory right? Doesn't seem so;
You can use 'chmod -h' to change the permissions on the link itself, e.g.:
% ln -s bar baz
/tmp/foo:% ls -la
total 0
-rw-r--r-- 1 matthew wheel 0 Mar 30 10:13 bar
lrwxr-xr-x 1 matthew wheel 3 Mar 30 10:14 baz@ -> bar
% chmod -h 664 baz
% ls -la
total 0
-rw-r--r-- 1 matthew wheel 0 Mar 30 10:13 bar
lrw-rw-r-- 1 matthew wheel 3 Mar 30 10:14 baz@ -> bar
When you open a file or directory via a symbolic link, first you need
sufficient permissions to read the link itself --- think of it as a
tiny little file that simply contains the name of the file that should
really be opened. However, once that has been done, the system
automatically switches to opening the link target instead, and it's
the permissions on the target and its containing directory that have
the most effect practically.
There's a '-h' flag to chown(1) that works equivalently for changing
ownership.
However, in general, you don't need to fiddle with link permissions
and ownership. root:wheel ownership and lrwxrwxrwx permissions will
work just fine.
root# ls -ld /usr/chantelle/fax
drwxrwxrwx 2 chantelle wheel 512 Mar 30 02:26 /usr/chantelle/fax
root# ls -ld /usr/david/fax
drwxrwxrwx 2 david wheel 512 Mar 30 02:40 /usr/david/fax
root#
Even going further upstream doesn't show anything;
root# ls -ld /usr/chantelle
drwxr-xr-x 7 chantelle wheel 1024 Mar 29 23:13 /usr/chantelle
root# ls -ld /usr/david
drwxr-xr-x 68 david wheel 5632 Mar 29 22:23 /usr/david
I am having a problem writing to the top dir shown, (chantelle)
but not the following one (david).
Hmmm... I think you're barking somewhat up the wrong tree here.
Permissions are too lax, if anything --- I'd certainly change the
permissions on those personal fax directories to 755 or 775.
The question is, what is the UID of the process that is attempting to
write to those fax directories? Is it a well known Fax management
package or something home brewed? Either way permissions need to be
controlled. The process either has to have a real UID of root and be
able to set its effective UID to the owner of the directory (see
seteuid(2)), or it has to belong to the same group as the group
ownership of the directories, and group write permission has to be set
on the directories. In the latter case, it helps to make sure that
any files created also have group write permission or the directory
owner won't be able to modify them.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
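
The checks this reply points at (where the link really leads, whether the target directory is writable by everyone, and whether files in it lack group write), as an added example that is not part of the original thread. The function names `resolve_dir` and `audit_link` and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; all paths are constructed in a temp dir.

# Print the physical directory that a (possibly symlinked) path leads to.
resolve_dir() {
    ( cd -P -- "$1" 2>/dev/null && pwd -P )
}

# Audit the directory behind LINK, printing one line per finding.
# Returns 0 if clean, 1 on findings, 2 if LINK does not resolve to a directory.
audit_link() {
    target=$(resolve_dir "$1") || { echo "UNRESOLVED $1"; return 2; }
    rc=0
    # World-writable with no sticky bit: any local user can add or remove entries.
    if [ -n "$(find "$target" -prune -perm -0002 ! -perm -1000)" ]; then
        echo "WORLD-WRITABLE $target"
        rc=1
    fi
    # Files lacking group write cannot be modified by other members of the group.
    nogw=$(find "$target" -type f ! -perm -0020 | sed 's/^/NO-GROUP-WRITE /')
    if [ -n "$nogw" ]; then
        echo "$nogw"
        rc=1
    fi
    return "$rc"
}

# Constructed demo: a 777 directory reached through a link, then tightened to 775.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/home/fax" "$tmp/www"
    ln -s "$tmp/home/fax" "$tmp/www/fax"
    chmod 777 "$tmp/home/fax"
    : > "$tmp/home/fax/job1"
    chmod 644 "$tmp/home/fax/job1"
    echo "before:"; audit_link "$tmp/www/fax" || :
    chmod 775 "$tmp/home/fax"
    chmod 664 "$tmp/home/fax/job1"
    echo "after:"; audit_link "$tmp/www/fax" && echo "clean"
    rm -rf "$tmp"
}
demo
```

The audit reads only the mode bits of the resolved target, so the mode shown on the link itself never affects the result.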