Once upon a time, seth vidal <skvidal@xxxxxxxxxxxxxxxxx> said:
> On Wed, 13 Mar 2013 14:52:37 -0400
> Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> > sysctl -a | grep protected
> > fs.protected_hardlinks = 0
> > fs.protected_symlinks = 0
>
> I apologize for the ignorance - but what do these _do_.
>
> (please don't say they protect your hardlinks and symlinks) - I mean
> what does 'protected' mean in this context.

I remember when these were discussed on linux-kernel, and I thought they
had some fairly small use cases (not really intended for a general
purpose system). However, that's been a while, so off to Google...

https://lwn.net/Articles/503660/

The symlink bit stops following of symlinks in sticky, world-writable
directories, except when the UID of the symlink and process match, or
when the UID of the symlink and the directory match. So, user 123 could
create a symlink in /tmp and follow it (but nobody else could), or root
could create a symlink in /tmp that everybody could follow.

I didn't find a detailed description of the hardlink protection right
off, however it did apparently break existing programs, so it was
disabled by default.

--
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.