Change permissions symbolic link Mac OS

4

How do you change the permissions of a system link on Mac OS ?

I tried chmod -h 755 mylink using iTerm2 with zsh, but it didn't work.

varnaud

Posted 2016-07-11T20:39:12.873

Reputation: 187

What didn't work? What happened? What's ls -l mylink before and after chmod. – creidhne – 2016-07-12T08:53:51.520

The before and after look exactly the same, the link was not modified... lrwxrwxrwx 1 varnaud july 6 Jul 12 09:35 mylink -> myfile – varnaud – 2016-07-12T16:40:18.010

Well, I'm stumped. Here's what I get. $ zsh<br>

$ touch myfile $ ln -s myfile mylink $ ls -l myfile mylink -rw-r--r-- 1 user staff 0 Jul 12 17:34 myfile lrwxr-xr-x 1 user staff 6 Jul 12 17:35 mylink -> myfile $ chmod -h 0777 mylink $ ls -l myfile mylink -rw-r--r-- 1 user staff 0 Jul 12 17:34 myfile lrwxrwxrwx 1 user staff 6 Jul 12 17:35 mylink -> myfile

– creidhne – 2016-07-13T00:41:33.253

Well, I made a mess. The short of it is that it worked here in zsh. – creidhne – 2016-07-13T00:58:56.650

The question mentions Mac OS, but your tag is Linux. Are there details you're leaving out or was this just the wrong tag? – fixer1234 – 2016-07-14T00:29:41.680

Answers

4

After I went totally the wrong direction with this problem, allow me to restate the issue involved. Let's look at why symbolic link permissions are meaningless, so changing them or not isn't useful.

I cannot reproduce the problem. On some systems, symlink permissions can't be changed at all. My experience is that Mac OS El Capitan does change symlink permissions in most situations, but the new permissions have no effect.

Conceptually, a change to the permissions of a symlink must have no effect. If accessing a file was as easy as creating a symlink and then changing the permissions of the symlink, no file would be secure.

I found this disclaimer in man 7 symlink:

The flags, access permissions, owner/group and modification time of an existing symbolic link can be changed by means of [system calls]. Of these, only the flags are used by the system; the access permissions and ownership are ignored.

Here's an extreme example.

$ touch myfile
$ ln -s myfile mylink
$ ls -l myfile mylink
-rw-r--r--  1 user  staff  0 Jul 13 14:42 myfile
lrwxr-xr-x  1 user  staff  6 Jul 13 14:43 mylink -> myfile
$ chmod -h 000 mylink
$ ls -l myfile mylink
-rw-r--r--  1 user  staff  0 Jul 13 14:42 myfile
ls: mylink: Permission denied
l---------  1 user  staff  6 Jul 13 14:43 mylink
$ echo 'Hello, world!' > mylink
$ cat mylink
Hello, world!
$ ls -l myfile
-rw-r--r--  1 user  staff  14 Jul 13 14:43 myfile

The symlink has no permissions, but echo and cat follow mylink to myfile. echo writes to myfile and cat reads it, ignoring the symlink permissions. NB: The symlink permissions blocked ls from showing the target of the symlink, but utilities still follow the symlink. Conversely,

$ chmod 000 myfile
$ chmod -h 777 mylink
$ ls -l myfile mylink
----------  1 user  staff  14 Jul 13 14:43 myfile
lrwxrwxrwx  1 user  staff   6 Jul 13 14:43 mylink -> myfile
$ cat mylink
cat: mylink: Permission denied

Rhetorically, isn't this how it has to be?

References (some specific to Mac OS and El Capitan):

  • man 7 symlink
  • ACL MANIPULATION OPTIONS section of man chmod
  • man chflags

creidhne

Posted 2016-07-11T20:39:12.873

Reputation: 1 262

Asked: 2016-07-11T20:39:12.873

Viewed: 3 096 times

Active: 2016-07-14T00:30:39.650