1SYMLINK(7) Linux Programmer's Manual SYMLINK(7)
2
3
4
6 symlink - symbolic link handling
7
9 Symbolic links are files that act as pointers to other files. To un‐
10 derstand their behavior, you must first understand how hard links work.
11
12 A hard link to a file is indistinguishable from the original file be‐
13 cause it is a reference to the object underlying the original filename.
14 (To be precise: each of the hard links to a file is a reference to the
15 same inode number, where an inode number is an index into the inode ta‐
16 ble, which contains metadata about all files on a filesystem. See
17 stat(2).) Changes to a file are independent of the name used to refer‐
18 ence the file. Hard links may not refer to directories (to prevent the
19 possibility of loops within the filesystem tree, which would confuse
20 many programs) and may not refer to files on different filesystems (be‐
21 cause inode numbers are not unique across filesystems).
22
23 A symbolic link is a special type of file whose contents are a string
24 that is the pathname of another file, the file to which the link
25 refers. (The contents of a symbolic link can be read using read‐
26 link(2).) In other words, a symbolic link is a pointer to another
27 name, and not to an underlying object. For this reason, symbolic links
28 may refer to directories and may cross filesystem boundaries.
29
30 There is no requirement that the pathname referred to by a symbolic
31 link should exist. A symbolic link that refers to a pathname that does
32 not exist is said to be a dangling link.
33
34 Because a symbolic link and its referenced object coexist in the
35 filesystem name space, confusion can arise in distinguishing between
36 the link itself and the referenced object. On historical systems, com‐
37 mands and system calls adopted their own link-following conventions in
38 a somewhat ad-hoc fashion. Rules for a more uniform approach, as they
39 are implemented on Linux and other systems, are outlined here. It is
40 important that site-local applications also conform to these rules, so
41 that the user interface can be as consistent as possible.
42
43 Magic links
44 There is a special class of symbolic-link-like objects known as "magic
45 links", which can be found in certain pseudofilesystems such as proc(5)
46 (examples include /proc/[pid]/exe and /proc/[pid]/fd/*). Unlike normal
47 symbolic links, magic links are not resolved through pathname-expan‐
48 sion, but instead act as direct references to the kernel's own repre‐
49 sentation of a file handle. As such, these magic links allow users to
50 access files which cannot be referenced with normal paths (such as un‐
51 linked files still referenced by a running program ).
52
53 Because they can bypass ordinary mount_namespaces(7)-based restric‐
54 tions, magic links have been used as attack vectors in various ex‐
55 ploits.
56
57 Symbolic link ownership, permissions, and timestamps
58 The owner and group of an existing symbolic link can be changed using
59 lchown(2). The only time that the ownership of a symbolic link matters
60 is when the link is being removed or renamed in a directory that has
61 the sticky bit set (see stat(2)).
62
63 The last access and last modification timestamps of a symbolic link can
64 be changed using utimensat(2) or lutimes(3).
65
66 On Linux, the permissions of an ordinary symbolic link are not used in
67 any operations; the permissions are always 0777 (read, write, and exe‐
68 cute for all user categories), and can't be changed.
69
70 However, magic links do not follow this rule. They can have a non-0777
71 mode, though this mode is not currently used in any permission checks.
72
73 Obtaining a file descriptor that refers to a symbolic link
74 Using the combination of the O_PATH and O_NOFOLLOW flags to open(2)
75 yields a file descriptor that can be passed as the dirfd argument in
76 system calls such as fstatat(2), fchownat(2), fchmodat(2), linkat(2),
77 and readlinkat(2), in order to operate on the symbolic link itself
78 (rather than the file to which it refers).
79
80 By default (i.e., if the AT_SYMLINK_FOLLOW flag is not specified), if
81 name_to_handle_at(2) is applied to a symbolic link, it yields a handle
82 for the symbolic link (rather than the file to which it refers). One
83 can then obtain a file descriptor for the symbolic link (rather than
84 the file to which it refers) by specifying the O_PATH flag in a subse‐
85 quent call to open_by_handle_at(2). Again, that file descriptor can be
86 used in the aforementioned system calls to operate on the symbolic link
87 itself.
88
89 Handling of symbolic links by system calls and commands
90 Symbolic links are handled either by operating on the link itself, or
91 by operating on the object referred to by the link. In the latter
92 case, an application or system call is said to follow the link. Sym‐
93 bolic links may refer to other symbolic links, in which case the links
94 are dereferenced until an object that is not a symbolic link is found,
95 a symbolic link that refers to a file which does not exist is found, or
96 a loop is detected. (Loop detection is done by placing an upper limit
97 on the number of links that may be followed, and an error results if
98 this limit is exceeded.)
99
100 There are three separate areas that need to be discussed. They are as
101 follows:
102
103 1. Symbolic links used as filename arguments for system calls.
104
105 2. Symbolic links specified as command-line arguments to utilities that
106 are not traversing a file tree.
107
108 3. Symbolic links encountered by utilities that are traversing a file
109 tree (either specified on the command line or encountered as part of
110 the file hierarchy walk).
111
112 Before describing the treatment of symbolic links by system calls and
113 commands, we require some terminology. Given a pathname of the form
114 a/b/c, the part preceding the final slash (i.e., a/b) is called the
115 dirname component, and the part following the final slash (i.e., c) is
116 called the basename component.
117
118 Treatment of symbolic links in system calls
119 The first area is symbolic links used as filename arguments for system
120 calls.
121
122 The treatment of symbolic links within a pathname passed to a system
123 call is as follows:
124
125 1. Within the dirname component of a pathname, symbolic links are al‐
126 ways followed in nearly every system call. (This is also true for
127 commands.) The one exception is openat2(2), which provides flags
128 that can be used to explicitly prevent following of symbolic links
129 in the dirname component.
130
131 2. Except as noted below, all system calls follow symbolic links in the
132 basename component of a pathname. For example, if there were a sym‐
133 bolic link slink which pointed to a file named afile, the system
134 call open("slink" ...) would return a file descriptor referring to
135 the file afile.
136
137 Various system calls do not follow links in the basename component of a
138 pathname, and operate on the symbolic link itself. They are:
139 lchown(2), lgetxattr(2), llistxattr(2), lremovexattr(2), lsetxattr(2),
140 lstat(2), readlink(2), rename(2), rmdir(2), and unlink(2).
141
142 Certain other system calls optionally follow symbolic links in the
143 basename component of a pathname. They are: faccessat(2), fchownat(2),
144 fstatat(2), linkat(2), name_to_handle_at(2), open(2), openat(2),
145 open_by_handle_at(2), and utimensat(2); see their manual pages for de‐
146 tails. Because remove(3) is an alias for unlink(2), that library func‐
147 tion also does not follow symbolic links. When rmdir(2) is applied to
148 a symbolic link, it fails with the error ENOTDIR.
149
150 link(2) warrants special discussion. POSIX.1-2001 specifies that
151 link(2) should dereference oldpath if it is a symbolic link. However,
152 Linux does not do this. (By default, Solaris is the same, but the
153 POSIX.1-2001 specified behavior can be obtained with suitable compiler
154 options.) POSIX.1-2008 changed the specification to allow either be‐
155 havior in an implementation.
156
157 Commands not traversing a file tree
158 The second area is symbolic links, specified as command-line filename
159 arguments, to commands which are not traversing a file tree.
160
161 Except as noted below, commands follow symbolic links named as command-
162 line arguments. For example, if there were a symbolic link slink which
163 pointed to a file named afile, the command cat slink would display the
164 contents of the file afile.
165
166 It is important to realize that this rule includes commands which may
167 optionally traverse file trees; for example, the command chown file is
168 included in this rule, while the command chown -R file, which performs
169 a tree traversal, is not. (The latter is described in the third area,
170 below.)
171
172 If it is explicitly intended that the command operate on the symbolic
173 link instead of following the symbolic link—for example, it is desired
174 that chown slink change the ownership of the file that slink is,
175 whether it is a symbolic link or not—then the -h option should be used.
176 In the above example, chown root slink would change the ownership of
177 the file referred to by slink, while chown -h root slink would change
178 the ownership of slink itself.
179
180 There are some exceptions to this rule:
181
182 * The mv(1) and rm(1) commands do not follow symbolic links named as
183 arguments, but respectively attempt to rename and delete them.
184 (Note, if the symbolic link references a file via a relative path,
185 moving it to another directory may very well cause it to stop work‐
186 ing, since the path may no longer be correct.)
187
188 * The ls(1) command is also an exception to this rule. For compatibil‐
189 ity with historic systems (when ls(1) is not doing a tree walk—that
190 is, -R option is not specified), the ls(1) command follows symbolic
191 links named as arguments if the -H or -L option is specified, or if
192 the -F, -d, or -l options are not specified. (The ls(1) command is
193 the only command where the -H and -L options affect its behavior even
194 though it is not doing a walk of a file tree.)
195
196 * The file(1) command is also an exception to this rule. The file(1)
197 command does not follow symbolic links named as argument by default.
198 The file(1) command does follow symbolic links named as argument if
199 the -L option is specified.
200
201 Commands traversing a file tree
202 The following commands either optionally or always traverse file trees:
203 chgrp(1), chmod(1), chown(1), cp(1), du(1), find(1), ls(1), pax(1),
204 rm(1), and tar(1).
205
206 It is important to realize that the following rules apply equally to
207 symbolic links encountered during the file tree traversal and symbolic
208 links listed as command-line arguments.
209
210 The first rule applies to symbolic links that reference files other
211 than directories. Operations that apply to symbolic links are per‐
212 formed on the links themselves, but otherwise the links are ignored.
213
214 The command rm -r slink directory will remove slink, as well as any
215 symbolic links encountered in the tree traversal of directory, because
216 symbolic links may be removed. In no case will rm(1) affect the file
217 referred to by slink.
218
219 The second rule applies to symbolic links that refer to directories.
220 Symbolic links that refer to directories are never followed by default.
221 This is often referred to as a "physical" walk, as opposed to a "logi‐
222 cal" walk (where symbolic links that refer to directories are fol‐
223 lowed).
224
225 Certain conventions are (should be) followed as consistently as possi‐
226 ble by commands that perform file tree walks:
227
228 * A command can be made to follow any symbolic links named on the com‐
229 mand line, regardless of the type of file they reference, by specify‐
230 ing the -H (for "half-logical") flag. This flag is intended to make
231 the command-line name space look like the logical name space. (Note,
232 for commands that do not always do file tree traversals, the -H flag
233 will be ignored if the -R flag is not also specified.)
234
235 For example, the command chown -HR user slink will traverse the file
236 hierarchy rooted in the file pointed to by slink. Note, the -H is
237 not the same as the previously discussed -h flag. The -H flag causes
238 symbolic links specified on the command line to be dereferenced for
239 the purposes of both the action to be performed and the tree walk,
240 and it is as if the user had specified the name of the file to which
241 the symbolic link pointed.
242
243 * A command can be made to follow any symbolic links named on the com‐
244 mand line, as well as any symbolic links encountered during the tra‐
245 versal, regardless of the type of file they reference, by specifying
246 the -L (for "logical") flag. This flag is intended to make the en‐
247 tire name space look like the logical name space. (Note, for com‐
248 mands that do not always do file tree traversals, the -L flag will be
249 ignored if the -R flag is not also specified.)
250
251 For example, the command chown -LR user slink will change the owner
252 of the file referred to by slink. If slink refers to a directory,
253 chown will traverse the file hierarchy rooted in the directory that
254 it references. In addition, if any symbolic links are encountered in
255 any file tree that chown traverses, they will be treated in the same
256 fashion as slink.
257
258 * A command can be made to provide the default behavior by specifying
259 the -P (for "physical") flag. This flag is intended to make the en‐
260 tire name space look like the physical name space.
261
262 For commands that do not by default do file tree traversals, the -H,
263 -L, and -P flags are ignored if the -R flag is not also specified. In
264 addition, you may specify the -H, -L, and -P options more than once;
265 the last one specified determines the command's behavior. This is in‐
266 tended to permit you to alias commands to behave one way or the other,
267 and then override that behavior on the command line.
268
269 The ls(1) and rm(1) commands have exceptions to these rules:
270
271 * The rm(1) command operates on the symbolic link, and not the file it
272 references, and therefore never follows a symbolic link. The rm(1)
273 command does not support the -H, -L, or -P options.
274
275 * To maintain compatibility with historic systems, the ls(1) command
276 acts a little differently. If you do not specify the -F, -d, or -l
277 options, ls(1) will follow symbolic links specified on the command
278 line. If the -L flag is specified, ls(1) follows all symbolic links,
279 regardless of their type, whether specified on the command line or
280 encountered in the tree walk.
281
283 chgrp(1), chmod(1), find(1), ln(1), ls(1), mv(1), namei(1), rm(1),
284 lchown(2), link(2), lstat(2), readlink(2), rename(2), symlink(2), un‐
285 link(2), utimensat(2), lutimes(3), path_resolution(7)
286
288 This page is part of release 5.12 of the Linux man-pages project. A
289 description of the project, information about reporting bugs, and the
290 latest version of this page, can be found at
291 https://www.kernel.org/doc/man-pages/.
292
293
294
295Linux 2021-03-22 SYMLINK(7)