$ Linux One Liners
Back to lessons

Hosting Operations

Audit a Symlink Permission Chain

You need to inspect symlink targets and every parent directory before deciding whether permissions are wrong.

Command

find fixtures/perm-audit -type l -printf '%p -> %l\n' -exec namei -l {} \;

What changed

Nothing changes. The command lists symlinks and traces their resolved path components.

Danger

safe

When to use it

Use when current-release, shared-secret, or uploads symlinks complicate a permission issue.

When not to use it

Do not audit only the symlink inode; access depends on the target path too.

Undo or recovery

No undo needed because this command is read-only.

Expected output

Each symlink target followed by namei ownership and mode details.

demo script

Disposable terminal steps

  1. find fixtures/perm-audit -type l -printf '%p -> %l\n' | sort
  2. find fixtures/perm-audit -type l -printf '%p -> %l\n' -exec namei -l {} \;
Terminal transcript Demo JSON

simulated output

What it looks like

disposable vessel 
::fixture-ready::
$ find fixtures/perm-audit -type l -printf '%p -> %l\n' | sort
fixtures/perm-audit/current/app -> ../releases/2026-06-25
fixtures/perm-audit/releases/2026-06-25/config/prod.token -> ../../../shared/secrets/prod.token
::exit-code::0
$ find fixtures/perm-audit -type l -printf '%p -> %l\n' -exec namei -l {} \;
fixtures/perm-audit/current/app -> ../releases/2026-06-25
f: fixtures/perm-audit/current/app
drwxr-xr-x root root fixtures
drwxr-xr-x root root perm-audit
drwxr-xr-x root root current
lrwxrwxrwx root root app -> ../releases/2026-06-25
drwxr-xr-x root root   ..
drwxr-xr-x root root   releases
drwxr-xr-x root root   2026-06-25
fixtures/perm-audit/releases/2026-06-25/config/prod.token -> ../../../shared/secrets/prod.token
f: fixtures/perm-audit/releases/2026-06-25/config/prod.token
drwxr-xr-x root root fixtures
drwxr-xr-x root root perm-audit
drwxr-xr-x root root releases
drwxr-xr-x root root 2026-06-25
drwxr-xr-x root root config
lrwxrwxrwx root root prod.token -> ../../../shared/secrets/prod.token
drwxr-xr-x root root   ..
drwxr-xr-x root root   ..
drwxr-xr-x root root   ..
drwxr-xr-x root root   shared
drwxr-xr-x root root   secrets
-rw------- root root   prod.token
::exit-code::0

YouTube Short

Trace symlink permissions.

When a path includes symlinks, audit the target chain. The file you see is not always the file the service opens.

LinkedIn hook

A symlink can make the path you audited different from the file the app opens.

Question: Do release symlinks make your permission audits harder?

experiments

A/B tests to run

Metric: short_click_through_rate

A: Symlinks change the story.

B: Audit the target, not just the link.