例如,我有一个权限为770的foo.sh文件。当我执行以下操作时:
ln -s foo.sh bar.sh
链接bar.sh有2777权限。为什么会这样?我以为它们应该被继承吗?
符号链接的权限基本上是不重要的。它们通常是777,由umask设置修改。
POSIX标准中symlink()
的说明如下:
创建的符号链接的文件模式位的值是未指定的。POSIX.1-2008规定的所有接口都应该表现得好像始终可以读取符号链接的内容,但stat结构体的
st_mode
字段返回的文件模式位的值未指定。
POSIX提供了一个lchown()
系统调用;它不提供函数。lchmod()
(在我的MacOS X 10.7.1上,使用umask 022新创建的符号链接以755权限结束;使用umask 002,权限以775结束。因此,观察到链接以770、700等权限创建可能是准确的;权限设置仍然不重要,不影响符号链接的可用性。)
On Linux (RHEL 5 for x86_64; kernel 2.6.18-128.el5), I only get to see 777 permissions on a symlink when it is created:
$ (ls -l xx.pl; umask 777; ln -s xx.pl pqr; ls -l xx.pl pqr)
-rw-r--r-- 1 jleffler rd 319 2011-09-05 22:10 xx.pl
lrwxrwxrwx 1 jleffler rd 5 2011-09-21 10:16 pqr -> xx.pl
-rw-r--r-- 1 jleffler rd 319 2011-09-05 22:10 xx.pl
$
I ran that in a sub-shell so the umask setting was not permanent.
On MacOS X (10.7.1), I get to see variable permissions on a symlink:
$ (ls -l xxx.sql; umask 777; ln -s xxx.sql pqr; ls -l xxx.sql pqr)
-rw-r--r-- 1 jleffler staff 1916 Jun 9 17:15 xxx.sql
ls: pqr: Permission denied
l--------- 1 jleffler staff 7 Sep 21 10:18 pqr
-rw-r--r-- 1 jleffler staff 1916 Jun 9 17:15 xxx.sql
$
Note that this is the same command sequence (give or take the file name) linked to.
On MacOS X, the chmod
command has an option -h
to change the permissions on a symlink itself:
-h
If the file is a symbolic link, change the mode of the link itself rather than the file that the link points to.
On MacOS X, the permissions on the symlink matter; you can't read the symlink unless you have read permission on the symlink (or you're root). Hence the error in the ls
output above. And readlink
failed. Etc.
On MacOS X, chmod -h 100 pqr
(execute) allows me to use the link (cat pqr
works) but not to read the link. By contrast, chmod -h 400 pqr
allows me to both read the link and use the link. And for completeness, chmod -h 200 pqr
allows me to use the link but not to read it. I assume, without having formally tested, the similar rules apply to group and other.
On MacOS X, then, it seems that read or write permission on a symlink allows you to use it normally, but execute permission alone means you cannot find where the link points (readlink(2)
fails) even though you can access the file (or, presumably, directory) at the other end of the link.
MacOS X的行为是对POSIX所规定行为的扩展,或者说是违背了POSIX所规定的行为。这使得生活稍微有些复杂。这意味着你必须确保任何应该使用该链接的人都有使用权限。这通常很简单(umask 022
意味着情况将是如此)。
在MacOS X上,chown -h
的底层系统调用是setattrlist(2)
。
http://en.wikipedia.org/wiki/Symbolic_link
符号链接的文件系统权限通常只与链接本身的重命名或删除操作有关,而与目标文件的访问模式无关,目标文件的访问模式由其自身权限控制。
链接的权限仅限于链接本身,指向的内容仍然有它自己的权限。
foo.sh
的内容吗?我怀疑不行。 - Blender