Release notes
Considerations when auditing symlinks and hard links
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Data protection with the CLI
-
-
Collection of separate PDF docs
Creating your file...
There are certain considerations you must keep in mind when auditing symlinks and hard links.
An audit record contains information about the object being audited including the path to the audited object, which is identified in the ObjectName tag. You should be aware of how paths for symlinks and hard links are recorded in the ObjectName tag.
Symlinks
A symlink is a file with a separate inode that contains a pointer to the location of a destination object, known as the target. When accessing an object through a symlink, ONTAP automatically interprets the symlink and follows the actual canonical protocol agnostic path to the target object in the volume.
In the following example output, there are two symlinks, both pointing to a file named target.txt. One of the symlinks is a relative symlink and one is an absolute symlink. If either of the symlinks are audited, the ObjectName tag in the audit event contains the path to the file target.txt:
[root@host1 audit]# ls -l total 0 lrwxrwxrwx 1 user1 group1 37 Apr 2 10:09 softlink_fullpath.txt -> /data/audit/target.txt lrwxrwxrwx 1 user1 group1 10 Apr 2 09:54 softlink.txt -> target.txt -rwxrwxrwx 1 user1 group1 16 Apr 2 10:05 target.txt
Hard links
A hard link is a directory entry that associates a name with an existing file on a file system. The hard link points to the inode location of the original file. Similar to how ONTAP interprets symlinks, ONTAP interprets the hard link and follows the actual canonical path to the target object in the volume. When access to a hard link object is audited, the audit event records this absolute canonical path in the ObjectName tag rather than the hard link path.