Re: Directory/File Access Permissions for COPY and Generic File Access Functions

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Alvaro Herrera (alvherre(at)2ndquadrant(dot)com) wrote:
>> Users cannot create a hard link to a file they can't already access.

> The specifics actually depend on (on Linux, at least) the value of
> /proc/sys/fs/protected_hardlink, which has existed in upstream since 3.6
> (not sure about the RHEL kernels, though I expect they've incorporated
> it also at some point along the way).

No such file in RHEL 6.6 :-(.

What the POSIX spec for link(2) says is

[EACCES]
A component of either path prefix denies search permission, or the
requested link requires writing in a directory that denies write
permission, or the calling process does not have permission to access
the existing file and this is required by the implementation.

It's not very clear what "access" means, and in any case this wording
gives implementors permission to not enforce anything at all in that
line. Whether particular flavors of Linux do or not doesn't help us
much, because other popular platforms clearly don't enforce it.

regards, tom lane