Once upon a time, seth vidal <skvi...@fedoraproject.org> said:
> On Wed, 13 Mar 2013 14:52:37 -0400
> Daniel J Walsh <dwa...@redhat.com> wrote:
> > sysctl -a | grep protected
> > fs.protected_hardlinks = 0
> > fs.protected_symlinks = 0
>
> I apologize for the ignorance - but what do these _do_.
>
> (please don't say they protect your hardlinks and symlinks) - I mean
> what does 'protected' mean in this context.

I remember when these were discussed on linux-kernel, and I thought they had some fairly small use cases (not really intended for a general purpose system). However, that's been a while, so off to Google...

https://lwn.net/Articles/503660/

The symlink bit stops following of symlinks in sticky, world-writable directories, except when the UID of the symlink and process match, or when the UID of the symlink and the directory match. So, user 123 could create a symlink in /tmp and follow it (but nobody else could), or root could create a symlink in /tmp that everybody could follow.

I didn't find a detailed description of the hardlink protection right off, however it did apparently break existing programs, so it was disabled by default.

--
Chris Adams <cmad...@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
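
The symlink rule described in the reply above, modelled in user space as an added example (not part of the original thread and not kernel code). The function names, the uids and the /tmp-like mode are constructed for illustration; `blocked_symlinks` applies the same rule to a real directory so an administrator can see which links a given uid could not follow once `fs.protected_symlinks` is set to 1.

```python
import os
import stat

STICKY_WORLD_WRITABLE = stat.S_ISVTX | stat.S_IWOTH

def may_follow(dir_mode, dir_uid, link_uid, proc_uid, protected=True):
    """Model of the fs.protected_symlinks decision as described in the thread."""
    if not protected:
        return True                      # fs.protected_symlinks = 0
    if (dir_mode & STICKY_WORLD_WRITABLE) != STICKY_WORLD_WRITABLE:
        return True                      # not a sticky, world-writable directory
    if link_uid == proc_uid:
        return True                      # symlink owner is the process itself
    return link_uid == dir_uid           # symlink owner is the directory owner

def read_sysctl(name, root="/proc/sys"):
    """Return the integer value of a sysctl such as fs.protected_symlinks, or None."""
    try:
        with open(os.path.join(root, *name.split("."))) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def blocked_symlinks(directory, proc_uid):
    """List symlinks directly in `directory` that proc_uid could not follow."""
    d = os.lstat(directory)
    blocked = []
    for entry in os.scandir(directory):
        if entry.is_symlink():
            st = entry.stat(follow_symlinks=False)
            if not may_follow(d.st_mode, d.st_uid, st.st_uid, proc_uid):
                blocked.append(entry.path)
    return sorted(blocked)

if __name__ == "__main__":
    TMP_MODE = stat.S_IFDIR | 0o1777     # constructed sample: a /tmp-like directory
    # (link_uid, proc_uid) pairs, with the directory owned by root (uid 0)
    for link_uid, proc_uid in [(123, 123), (123, 456), (0, 456)]:
        verdict = "follow" if may_follow(TMP_MODE, 0, link_uid, proc_uid) else "denied"
        print(f"link owner {link_uid}, process {proc_uid}: {verdict}")
    for name in ("fs.protected_symlinks", "fs.protected_hardlinks"):
        print(name, "=", read_sysctl(name))
```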