You can chown -h, but you cannot chmod -h, so the user and group remain irrelevant except for niche purposes like disk quotas, and sticky directories. And symlinks in pseudo-filesystems (/proc/), which actually do have permissions, but you cannot change those.
What really matter are the permissions on the target and its parent directories. Does your guest user have r-x or --x permission on /home/michael/, for a start?
Write-execute permission on a directory in POSIX allows you to remove all files in that directory, even with no permissions on the files themselves. You cannot remove non-empty sub-directories, but you can rename and replace them. So from the point where a user has either ownership or write access, the entire tree below that should not be trusted by other users.
Hence we have lots of directories for different types of files, wherever there is a possibility they might need to be under different control. With all of them owned by one user or group, or root, all the way back to /. I suspect your scheme may break some of this.
But what I meant by fragile is that just symlinks do not substitute for files in all cases. And they introduce a lot of dependencies on other parts of the directory structure.
Statistics: Posted by jojopi — Fri Jan 03, 2025 8:48 pm
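An added example, not part of the post above: a small audit that resolves symlinks and walks from the target back towards /, reporting every directory on the way that a user outside a trusted set could use to remove or replace entries. The function name `untrusted_components` and its parameters `trusted_uids` and `stop` are assumptions made for this sketch.

```python
import os
import stat
import sys

def untrusted_components(path, trusted_uids=(0,), stop="/"):
    """Return (directory, reason) pairs for each directory between the
    symlink-resolved path and `stop` that an untrusted user could modify."""
    findings = []
    # A symlink's own mode is irrelevant; what counts is the real target.
    current = os.path.realpath(path)
    stop = os.path.realpath(stop)
    if not os.path.isdir(current):
        # Unlink and rename are governed by the containing directory.
        current = os.path.dirname(current)
    while True:
        st = os.stat(current)
        mode = st.st_mode
        # Sticky directories restrict removal/rename to the entry's owner.
        sticky = bool(mode & stat.S_ISVTX)
        if st.st_uid not in trusted_uids:
            # The owner can always chmod the directory and then modify it.
            findings.append((current, f"owned by uid {st.st_uid}"))
        # Write AND execute (search) are both needed to alter entries.
        other_wx = (mode & stat.S_IWOTH) and (mode & stat.S_IXOTH)
        group_wx = (mode & stat.S_IWGRP) and (mode & stat.S_IXGRP)
        if other_wx and not sticky:
            findings.append((current, "world-writable without sticky bit"))
        elif group_wx and not sticky:
            findings.append((current, f"group-writable by gid {st.st_gid}"))
        parent = os.path.dirname(current)
        if current == stop or parent == current:
            break
        current = parent
    return findings

if __name__ == "__main__":
    # Usage: python3 audit.py PATH [PATH ...]; trusts root and the caller.
    for arg in sys.argv[1:]:
        for directory, reason in untrusted_components(
                arg, trusted_uids=(0, os.getuid())):
            print(f"{arg}: {directory}: {reason}")
```

The group check does not know who is in the group, so a group-writable finding means the members of that gid need to be reviewed, not that the path is necessarily unsafe.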