Hard-link creation - Permissions?

To create the hard-link alice will need write+execute permissions on target-dir on all cases. The permissions needed on target.txt will vary:

  • If fs.protected_hardlinks = 1 then alice needs either ownership of target.txt or at least read+write permissions on it.
  • If fs.protected_hardlinks = 0 then any set of permissions will do; Even 000 is okay.

This answer to a similar question had the missing piece of information to answer this question.

From http://kernel.opensuse.org/cgit/kernel/commit/?id=800179c9b8a1 [emphasis mine]:


On systems that have user-writable directories on the same partition as system files, a long-standing class of security issues is the hardlink-based time-of-check-time-of-use race, most commonly seen in world-writable directories like /tmp. The common method of exploitation of this flaw is to cross privilege boundaries when following a given hardlink (i.e. a root process follows a hardlink created by another user). Additionally, an issue exists where users can "pin" a potentially vulnerable setuid/setgid file so that an administrator will not actually upgrade a system fully.

The solution is to permit hardlinks to only be created when the user is already the existing file's owner, or if they already have read/write access to the existing file.