Hard Links and Permissions / ACLs
Commenter Lee asked how ACLs are evaluated when an object has multiple hard links. I replied with comments of my own, which turned out to be wrong after I did some experiments. Here is what I found out about hard link permissions and believe to be true.
Can permissions on multiple hard links to the same data be different?
No. Permissions on all hard links to the same data on disk are always identical. The same applies to attributes. That means if you change the permissions/owner/attributes on one hard link, you will immediately see the changes on all other hard links.
Which permissions on the link target are required to create a hard link?
Only the permission “write attributes” (for programmers: FILE_WRITE_ATTRIBUTES) is needed on the target. Whether or not you are the owner of the target is not relevant.
These topics do not seem to be documented anywhere. So how did I find out? I tried it out (on Windows 7 RC).
Have a care though – hard-links (creating single location files that share data to different access points in multiple directory lists) are not the same as junctions (fooling the upper layers that a directory is not a shortcut, but a real local directory).
In fact re-parse points for folders (esp. re-parse points that are NTFS junctions) are an excellent way to manage differences of required privilege by having a different ACL for each route to a folder. Thus one route can provide “read-only” access to the great unwashed, whilst another “admin” route can allow administrators immediate access to maintenance. But this then applies to ALL the data files in the folder that in themselves do not already impose greater restrictions via their own ACL.
However, the “fun thing” is that they can only “inherit” permissions and restrictions via the folder path through which they were accessed – which then applies in addition to their own ACL. Unless of course, the “inherit from parent” is turned off in the data file’s ACL. What then happens is… er. em, “subject to experimentation”.