I issued recently a problem when using symlinks. I don't understand how to create a symlink to a file that can by read by anyone.
Here is a (simplified) example I ran in docker, from a ubuntu image:
useradd alice
useradd bob
su -c bash alice
cd /tmp
echo "blabla" > README.txt
chmod 555 README.txt
exit
su -c bash bob
cd /tmp
Now, thanks to the permissions I set, bob can read README.txt:
bob:/tmp$ cat README.txt
blabla
bob:/tmp$ ls -l
-r-xr-xr-x 1 alice alice 7 Apr 2 12:11 README.txt
Now bob creates a symbolic link to README.txt:
bob:/tmp$ ln -s README.txt link
bob:/tmp$ ls -l
-r-xr-xr-x 1 alice alice 7 Apr 2 12:11 README.txt
lrwxrwxrwx 1 bob bob 10 Apr 2 12:17 link -> README.txt
bob:/tmp$ cat link
blabla
And finally, let's log as alice and try to read bob's symlink:
EDIT: here I execute the command as alice (and not bob, I did a mistake in the original post)
alice:/tmp$ ls -l
-r-xr-xr-x 1 alice alice 7 Apr 2 12:26 README.txt
lrwxrwxrwx 1 bob bob 10 Apr 2 12:29 link -> README.txt
alice:/tmp$ cat link
cat: link: Permission denied
I don't understand why I can't read this symlink, because I have all the rights required to read README.txt and link itself.
I created a docker image if you want to hack a bit around with my problem, it's available here
You just have to pull and run the image:
docker run -it atxr/symlink-test:latest /bin/bash
I tried to search in the symlink documentation, and found out that its permissions should be the same than the actual path it points to.
I also paid attention to the folder rights (the x/X permission), /tmp in this case, to see if alice is actually able to resolve the path.
I'm really confused about this behavior and wonder how can I create a symlink to a file that can be read by anyone else.
