Hard Links and Permissions / ACLs

Windows Internals
Published May 14, 2009

Commenter Lee asked how ACLs are evaluated when an object has multiple hard links. I replied with comments of my own, which turned out to be wrong after I did some experiments. Here is what I found out about hard link permissions and believe to be true.

Can permissions on multiple hard links to the same data be different?

No. Permissions on all hard links to the same data on disk are always identical. The same applies to attributes. That means if you change the permissions/owner/attributes on one hard link, you will immediately see the changes on all other hard links.

Which permissions on the link target are required to create a hard link?

Only the permission “write attributes” (for programmers: FILE_WRITE_ATTRIBUTES) is needed on the target. Whether or not you are the owner of the target is not relevant.

These topics do not seem to be documented anywhere. So how did I find out? I tried it out (on Windows 7 RC).

Attribute DACL Hard Link Owner Permissions SACL

Comments

Comments are powered by Giscus. Please enable JavaScript to view them, or view discussions directly on GitHub.

Related Posts

How to Modify Default Share Permissions and Other Tweaks

NTFS permissions are stored in the file system, that is well known. But where are share permissions stored? As so often with Windows: in the registry. Network shares are defined by only a handful of relatively simple registry entries stored in the server service’s key which is, for historical reasons that go back way beyond OS/2, named “LanmanServer” (the workstation service is similarly named “LanmanWorkstation”).

Windows Internals

Permissions Windows Does Not Show You

Permissions Windows Does Not Show You

Sometimes it is good not to know the truth, but as an administrator you better know what is going on! Most IT pros know that Explorer lies a lot (on a German system C:\Users magically becomes C:\Benutzer), but few are aware that Windows’ permission handling dialog ACL Editor also tends to “pretty up” things.

How to Prevent Users from Changing Permissions on File Servers

On file servers in corporate environments one typically does not want users to change permissions, even on their own files. It might seem that it would be sufficient to simply grant change permissions instead of full control, but unfortunately that is not the case. The problem is that whenever a new file gets created, the user creating the file will be its owner. And owners can always change permissions, regardless of the contents of the DACL.

Anatomy of WerFault.exe's Application Crash Error Reporting

Anatomy of WerFault.exe's Application Crash Error Reporting

Not much information is available on Windows Error Reporting’s WerFault.exe, the process that is launched by the OS whenever an application crashes. This post documents the launch sequence of WerFault.exe and its related processes along with their command line parameters.

Windows Internals

Latest Posts

WSL Disk Space Cleanup

WSL Disk Space Cleanup

The Windows Subsystem for Linux (WSL) stores its virtual hard disks in the user profile on drive C:. These VHDX files can grow up to 1 TB in size, making it necessary to clean up and reclaim space occasionally. This article shows how.

Virtualization & Containers

Changing the Location of PowerShell Profile Scripts

A PowerShell profile is an init script that is executed when the shell starts. PowerShell searches for profile scripts in hard-coded locations. This article explains how to move profile scripts to any directory of your choice.

Changing the Location of the Windows Terminal Settings Files

Changing the Location of the Windows Terminal Settings Files

Windows Terminal stores its settings in configuration files that resides in the Windows user profile. This article explains how to move them to any directory of your choice. Where are the Settings Files Located? The location of the Windows Terminal settings file is hard-coded. The exact path depends on the app variant you installed, but it’s always in the user profile:

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In the first post, I showed how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In this second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.