protect hard & symbolic links in linux

How to Protect Hard and Symbolic Links in CentOS

Every Linux system allows you to create hard and symbolic (soft) links to files, applications and directories. Hard links are actual copies of the file or directory whereas symbolic links are simply pointers to the original file or directory. It is important to prevent these links from being deleted otherwise important files & directories on your system may stop working properly. Also, it allows malicious software from deleting or modifying links on your system, to suite their requirements and damage your data/system. But did you know you could protect these links from being deleted? In this article, we will learn how to protect hard and symbolic links in CentOS.


How to Protect Hard and Symbolic Links in CentOS

Here are the steps to protect hard and symbolic links in CentOS. Luckily, there exist certain security features in RHEL/CentOS systems that protect links from being created or pointed to.

For example, a user can create hard links only to files & directories that he/she owns. Alternatively, the user must have read/write access to the file/directory that they want to link to.

In case of soft links, processes are allowed to link to symbolic links if they are the owner of the symbolic link or the directory containing the symbolic link.


Enable or Disable Protection of Hard/Symbolic Links

By default, this feature is enabled in configuration file at /usr/lib/sysctl.d/50-default.conf. If you open this file in text editor, you will see the following values.

fs.protected_hardlinks = 1
fs.protected_symlinks = 1

If you want to modify this setting, you can set the above flags to 0. Alternatively, create another new file with the following filename. You need to use a filename such that it is read only after reading the default file mentioned above.501-noprotect-links will be read after 50-default.conf since all files in this directory are read alphabetically one after the other.

$ vi /etc/sysctl.d/51-noprotect-links.conf

Add the following lines to it.

fs.protected_hardlinks = 0
fs.protected_symlinks = 0

Save and close the file. Run the following command to apply changes.

# sysctl --system
OR
# sysctl -p  #on older systems

In this article, we have learnt how to protect hard and symbolic links in CentOS. The key is to set the required flag to 1 or 0 depending on whether you want to enable/disable protection.


Please note, the above changes will be applicable to all hard or symbolic links on your system. It will not allow you to selectively protect only certain links on your system.


Also read:

How to Run Shell Script on Another Server
How to Manage Systemd Services on Remote Linux Systems
How to Synchronize Time with NTP in Linux
How to Enable Confirmation for Rm Command
How to Share Linux Terminal Session

Leave a Reply

Your email address will not be published. Required fields are marked *