Symbolic links flashing red despite existing

I've created a symbolic link

ln -s /home/{user2}/Music /home/{user1}/Music

The target exists and {user1} has rwx permissions to the directory via membership of 'users'

ls -al /home/household |grep Music
drwxrwxr-x+ 270 {user2} users     12288 Jul 17 17:18 Music

But the link created does not appear in dolphin and flashes red in ls

What's going wrong?

Example:

ln -s /data/steve/Downloads ~/Downloads

link /where/the/directory-is to /where/you/want/the/link

so

ln -s /home/user1/music /home/user2/music

Assuming the music folder is under user1's home.

Sorry, I can't see any difference between that and the code I quoted as having done. What am I missing?

ln -s /home/{user2}/Music /home/{user1}/Music

(the music folder is in user2's home, so it's the other way round)

1 Like

That wasn't clear. And I can't read :smiley:

I take it the {} braces are you hiding your user name?

Might require sudo....? ? ?

Apologies, my bad.

Yes, If I revealed my true name, I'd have to kill you.

Thanks, just tried it with sudo but to no avail, still flashing.

user1 might not be able to read /home/user2.
Login as user1 and check via cd /home/user2 and/or cd /home/user2/Music.

1 Like

Yes, that's right. I'm hoping it's not the case that one user needs read rights to the whole of another user's home just in order to make a link? Basically, I want user1 to have access to the 'Music' folder of user2. I don't want user2 to have access to any of user1's files in return. Is that possible?

To access a directory one must have rx-access to any path component.
One option would be to move the Music-directory to a new location outside /home and create symlinks in every user-home.

1 Like

I think you need to rethink your folder layout.

My instinct tells me it is a permission issue with the parent /home/$USER folder.

You can solve this - avoiding making the $USER folder readable by all - by creating an extra folder structure for the shared files e.g. /data/shared.

Then move the shared music folder to the shared folder.

$ sudo mkdir /data/shared
$ sudo chmod ugo+rw /data/shared
$ mv /home/$user2/Music /data/shared

You may need to adjust the moved Music folder's and the files permission

sudo chmod ugo+rw /data/shared/Music -R

login into the user2 account

$ rm Music
$ ln -s /data/shared/Music /home/$user2

then login into the user1 account and repeat

$ rm Music
$ ln -s /data/shared/Music /home/$user1
3 Likes

This is not a problem, I can try that...

...but I don't understand the reason

I've done sudo chown -R {user2} users on the whole '{user2}/Music' directory so anyone in 'users' should have full access, shouldn't they?

Yep, it looks like that's what I've got to do. Thanks for such exhaustive instructions. I still don't really understand why though, but I guess that will have to wait.

So the structure is:
/home
└── user1 (Steve for me)
└── user2 (user2 for me)

sudo mkdir /home/user2
sudo chgrp -R users /home/user2
sudo cp -r dotfiles /home/user2 # a small folder in my home.
ln -s /home/user2/dotfiles ~/ttemp

Then list the directory:

ls ttemp/
'#.aliasesrc#'         azirevpn-wg.sh   emacs.d                 plasma-xcape.sh   scripts    xbindkey
 aliasesrc-emergency   bash             Most_Files_are_Hidden   README.md         tmux       Xmodmap
 autokey               config.org       plasmacfg               reinstall         tmux-old   zshrc-emergency

All seems to work here.

The only difference seems to be that you're putting the whole /home/user2 directory into 'users' group whereas I'm only putting a sub-directory of /home/user2 into 'users'. /home/user2 remains owned by user2:user2.

The process I've carried out on my OP has literally been cut and pasted from my console, so you can see what I've done.

I can't fathom why that would be a problem, but when I get back in this evening, I'm going to try the solution above, and if it works then at least I'll know where the problem stems from, even if I don't understand why.

Yes - because when you make a folder using sudo you are creating with permissions 755 which is

user  rwx
group r_x
other r_x

When a user is created the home folder is with permissions 700 which is

user  rwx
group ___
other ___

That is why it is working just by creating a folder like you did.

To my limited knowledge to access a path it requires at least the execute bit to be able to cd to that folder.

OK. But I use the method you stated anyway, I have a /data/ shared directory.

...but I changed the ownership of the /home/user2/Music folder to {user2}:users and checked it with ls (as you can see above). The folder I'm trying to link to is

drwxrwxr-x+ 270 {user2} users     12288 Jul 17 17:18 Music

doesn't that mean that anyone in 'users' has full rwx permissions to it?

As I understand it Yes - but if you have no execute rights on the parent user2 folder you cannot cd into it.

You need to be able to cd into /home/user2 before you can cd into Music folder.

So ls -la /home/user2 will probably reveal permissions 700 which will prevent everybody but the user to cd into the folder.

I don't understand the permissions schema completely and I just checked my setup and I get a little confused

~ >>> ls -la /home
total 12
drwxr-xr-x  3 root root 4096 Jul  2 10:52 .
drwxr-xr-x 18 root root 4096 Jul 13 08:45 ..
drwxr-xr-x 33 fh   fh   4096 Jul 19 15:15 fh

Which seems to allow anyone to cd into the home folder of fh. Permissions is 755 which I must have set somehow. It could be a side effect of autologin - but that is just speculation as I don't remember how I created the initial user.

I just tested creating a user and it is as I expected - new user is created with permissions 700 which explicitly blocks anyone but the test user to enter the /home/test folder

~ >>> sudo useradd -m -U test
[sudo] password for fh: 
~ >>> ls -la /home
total 16
drwxr-xr-x  4 root root 4096 Jul 19 16:04 .
drwxr-xr-x 18 root root 4096 Jul 13 08:45 ..
drwxr-xr-x 33 fh   fh   4096 Jul 19 15:15 fh
drwx------  6 test test 4096 Jul 19 16:04 test

No it does not. It also depends on rx-permissions for users-group-members on all ancestor-directories.

So an alternative is to give everyone rx permission on /home/user2? I could do that as I only set up user2 as a kind of central storage user (I used a user rather than just a directory structure because I also wanted a 'default' desktop environment, so doing so seemed to kill two birds with one stone).

I'm away from the computer now but I'll try it when I get back.

It actually only requires the executable bit as illustrated below


A solution to your present setup is the following as illustrated with a terminal output.
Note that I am only setting the executable bit on the test user folder and inside the test user's homefolder I am setting ugo+rwx on a folder.

~ >>> sudo useradd -m -U test
[sudo] password for fh: 
~ >>> ls -la /home
total 16
drwxr-xr-x  4 root root 4096 Jul 19 16:04 .
drwxr-xr-x 18 root root 4096 Jul 13 08:45 ..
drwxr-xr-x 33 fh   fh   4096 Jul 19 15:15 fh
drwx------  6 test test 4096 Jul 19 16:04 test
~ >>> sudo chmod go+x /home/test
[sudo] password for fh: 
~ >>> ls -la /home
total 16
drwxr-xr-x  4 root root 4096 Jul 19 16:04 .
drwxr-xr-x 18 root root 4096 Jul 13 08:45 ..
drwxr-xr-x 33 fh   fh   4096 Jul 19 15:15 fh
drwx--x--x  6 test test 4096 Jul 19 16:04 test
~ >>> sudo mkdir /home/test/blindfold
~ >>> sudo chown test:test /home/test/blindfold
~ >>> sudo chmod ugo+rw /home/test/blindfold
~ >>> ls -la /home/test
ls: cannot open directory '/home/test': Permission denied
~ >>> cd /home/test/blindfold
/home/test/blindfold >>> 
/home/test/blindfold >>> touch blindfold.txt
/home/test/blindfold >>> nano blindfold.txt
/home/test/blindfold >>> cd
~ >>> ls -la /home/test
ls: cannot open directory '/home/test': Permission denied
~ >>> ls -la /home/test/blindfold
total 12
drwxrwxrwx 2 test test 4096 Jul 19 16:21 .
drwx--x--x 7 test test 4096 Jul 19 16:18 ..
-rw-r--r-- 1 fh   fh     12 Jul 19 16:22 blindfold.txt
~ >>> cat /home/test/blindfold/blindfold.txt
blindfolded

To summarize:
You only need to set the execute bit on the user2 folder to be able to access the user2/Music folder and also - as you did - set the go permissions on the Music folder - otherwise it won't work.

You access it blindfolded as you cannot see what else is available in the user2 folder.

2 Likes

Nice, I did not know that. Would suffice for symlinking etc.