Jump to content

NTFS links

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Ghettoblaster (talk | contribs) at 12:42, 20 June 2020 (Command-line tools and APIs). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The NTFS filesystem defines various ways to link files, i.e. to make a file point to another file or its contents. The object being pointed to is called the target. There are three classes of links:

  • Hard links, which have files share the same MFT entry (inode), in the same filesystem.
  • Symbolic links, which record the path of another file that the links contents should show. Can accept relative paths. SMB networking (UNC path) and directory support added in NTFS 3.1.
  • Junction points, which are similar to symlinks but defined only for directories. Only accepts local absolute paths.[1]

All NTFS links are designed to be transparent to applications. This means that the application accessing a link will be seamlessly redirected by the file system driver, and no special handling is needed. To users, they appear as normal directories or files. This also leads to an aliasing effect: writes to a link will pass the write to the underlying, linked file or MFT entry.

Symbolic links and junction points, which need to carry additional data including the path they point to, are based on NTFS reparse points. Their path-recording nature means that they can link to files on other volumes or even remote files. On the other hand, hard links are created simply by giving an entry in the MFT a new filename to take on, so it is restricted to files in the same filesystem.

An NTFS symbolic link is not the same as a Windows shortcut file, which is a regular file. The latter may be created on any filesystem (such as the earlier FAT32), may contain metadata (such as an icon to display when the shortcut is viewed in Windows Explorer), and is not transparent to applications.

History

Symbolic links to directories or volumes, called junction points and mount points, were introduced with NTFS 3.0 that shipped with Windows 2000. From NTFS 3.1 onwards, symbolic links can be created for any kind of file system object. NTFS 3.1 was introduced together with Windows XP, but the functionality was not made available (through ntfs.sys) to user mode applications. Third-party filter drivers – such as Masatoshi Kimura's opensource senable driver – could however be installed to make the feature available in user mode as well. The ntfs.sys released with Windows Vista made the functionality available to user mode applications by default.

Since NTFS 3.1, a symbolic link can also point to a file or remote SMB network path. While NTFS junction points support only absolute paths on local drives, the NTFS symbolic links allow linking using relative paths. Additionally, the NTFS symbolic link implementation provides full support for cross-filesystem links. However, the functionality enabling cross-host symbolic links requires that the remote system also support them, which effectively limits their support to Windows Vista and later Windows operating systems.

Restrictions and drawbacks

The default security settings in Windows Vista/Windows 7 disallow non-elevated administrators and all non-administrators from creating symbolic links. This behavior can be changed running "secpol.msc" the Local Security Policy management console (under: Security Settings\Local Policies\User Rights Assignment\Create symbolic links). It can be worked around by starting cmd.exe with Run as administrator option or the runas command. Starting with Windows 10 Insiders build 14972 the requirement for elevated administrator privileges was removed in Windows "Developer Mode", allowing symlinks to be created without needing to elevate the console as administrator. On the API level, a SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE flag is supplied for this purpose.[2]

Non-junctionable files

Neither the Windows NT startup process nor the Windows Vista startup process support Junction points, so it's impossible to redirect certain system folders:

  • \Windows
  • \Windows\System32
  • \Windows\Config

However it is possible to redirect non-critical folders:

  • \Users
  • \Documents and Settings
  • \Program Files
  • \Program Files (x86)

Creating junctions for \Users and \ProgramData pointing to another drive is not recommended as it breaks updates and Windows Store Apps.[3]

Creating junctions for \Users, \ProgramData, "\Program Files" or "\Program Files (x86)" pointing to other locations breaks installation or upgrade of Windows.[4]

Creating junctions for "\Program Files" or "\Program Files (x86)" pointing to another drive breaks Windows' Component Based Servicing which hardlinks files from its repository \Windows\SxS to their installation directory.[citation needed]

Examples of use

Built-in uses

  • Windows Component Store (WinSxS) use hard links to keep track of different versions of DLLs stored on the hard disk drive.
  • Symlinks are in Windows Server 2008 for a \Users\All Users\ -> \ProgramData\ redirection (in basic installation).

Program redirection

By setting a junction point that points to a directory containing a particular version of a piece of software, it may be possible to add another version of the software and redirect the junction point to point to the version desired.

Saving disk space

The contents of a junction use almost no disk space (they simply point to the original directory). If you need to have multiple points of entry to a large directory, junction points will serve that purpose well. Junction points should not be confused with a copy of something as junctions simply point to the original. If directories need to be modified separately a junction cannot be used as it does not provide a distinct copy of the directory or files within.

Likewise, symbolic links and hard links are useful for merging the contents of individual files.

Circumventing predefined paths

Since reinstalling Windows (or installing a new version) often requires deleting the contents of the C: drive, it is advantageous to create multiple partitions so only one partition needs to be deleted during the installation. However, some programs don't let the user choose the installation directory, or install some of their files to the C: drive even when they are installed to a different drive. By creating a junction point, the program can be tricked into installing to a different directory.

Deferred target invalidation hazards

Significant hazards lurk in the use of hard links schemes that either:

  • include links that refer to their own parent folders, such as creating hard link X:\path\to\parent which points to either X:\path\ or X:\path\to\, or
  • specify targets by using volume drive letters, such as X:, in X:\some\path\.

The problem in the first case is that it creates recursive paths, which further implies infinite recursion in the directory structure. By introducing reentrancy, the presence of one or more directory junctions changes the structure of the file system from a simple proper tree into a directed graph, but recursive linking further complicates the graph-theoretical character from acyclic to cyclic. Since the same files and directories can now be encountered through multiple paths, applications which traverse reentrant or recursive structures naively may give incorrect or incoherent results, or may never terminate. Worse, if recursively deleting, such programs may attempt to delete a parent of the directory it is currently traversing.

Note that both of the conditions listed above exist in the system of hard links established on the C: drive in the default Windows setup. For example, every Windows 10 installation defines the recursive path:

C:\ProgramData\
C:\ProgramData\Application Data\
C:\ProgramData\Application Data\Application Data\
C:\ProgramData\Application Data\Application Data\Application Data\
C:\ProgramData\Application Data\Application Data\Application Data\Application Data\
C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\ ...

Each additional path name in this seemingly infinite set is an actual valid Windows path which refers to the same location. In practice, path names are limited by the 260-character DOS path limit (or newer 32,767 character limit), but truncation may result in incomplete or invalid path and file names. Whenever a copy of a Windows installation is archived, with directory junctions intact, to another volume on the same—or worse—another computer, the archived copy may still incorporate active folders from the running installation. For example, depending on the method used for copying, a backup copy of a Windows drive X:\archive\... will include a hard link called X:\archive\Users\USERNAME\My Documents which still points to folder C:\Users\USERNAME\Documents\ in the current, active installation.

The second form of deferred target mis-referral, while conceptually simpler, can have more severe consequences. When a self-consistent volume or directory structure containing hard links which use volume drive-letter path names is copied or moved to another volume (or when the drive letter of a volume is reassigned by some other means), such links may no longer point to the corresponding target in the copied structure. Again the results depend on the software that was used for copying; while some programs may intercede by modifying any fully subsumed hard links in the copy in order to preserve structural consistency, others may ignore, copy exactly, or even traverse into hard links, copying their contents.

The serious problems occur if hard links are copied exactly such that they become, in the new copy, cross-volume hard links which still point to original files and folders on the source volume. Unintentional cross-volume hard links, such as hard links in an "archive" folder which still point to locations on the original volume (according to drive letter), are catastrophes waiting to happen. For example, deleting what is much later presumed to be an unused archive directory on an disused backup volume may result in deleting current, active user data or system files.

A preventative measure for the drive-letter hazard is to use volume GUID path syntax[5], rather than paths containing volume drive letters, when specifying the target path for a directory junction. For example, consider creating an alias for X:\Some\Other\Path at X:\Some\Path\Foo:

X:\Some\Path>linkd Foo X:\Some\Other\Path

As described above, if the folder structure that contains the resulting link is moved to a disk with a drive letter other than X:, or if the letter is changed on drive X: itself, the data content at the target location is vulnerable to accidental corruption or malicious abuse. A more resilient version of this link can partially mitigate this risk by referencing the target volume by its GUID identifier value (which can be discovered by running the fsutil volume list command).

X:\Some\Path>linkd Foo \\?\Volume{12345678-abcd-1234--abcdefghijkl}\Some\Other\Path

Doing so ensures that the junction will remain valid if drive letter X: is changed by any means.

As for a proactive means of avoiding directory junction disasters, the command dir /AL /S /B "X:\Some\Path" can be used to obtain, for careful analysis prior to committing any irreversible file system alterations, a list of all hard links "below" a certain file system location. While by definition every link in the resulting list has a path name that starts with X:\Some\Path\, if any of those hard links contains a target which is not subsumed by X:\Some\Path, then the specified scope has been escaped, and the starting directory you specified is not fully-subsuming. Extra caution may be indicated in this case, since the specified directory includes files and directories which reside on other physical volumes, or whose own parent-traversal-to-root does not include the specified directory.

Command-line tools and APIs

mklink
Developer(s)Microsoft, ReactOS Contributors
Initial releaseJanuary 30, 2007; 17 years ago (2007-01-30)
Operating systemWindows, ReactOS
TypeCommand
LicenseWindows: Proprietary commercial software
ReactOS: GNU General Public License
Websitedocs.microsoft.com/en-us/windows-server/administration/windows-commands/mklink

The mklink command is used to create a symbolic link. It is a built-in command of cmd.exe in Windows Vista and later.[6] The command is also available in ReactOS.[7]

The command-syntax is:

mklink [[/d] | [/h] | [/j]] <Link> <Target>
  • /d – This parameter creates a directory symbolic link. mklink creates a file symbolic link by default.
  • /h – This parameter creates a hard link instead of a symbolic link.
  • /j – This parameter creates a Directory Junction.
  • <Link> – This parameter specifies the name of the symbolic link that is being created.
  • <Target> – This parameter specifies the path that the new symbolic link refers to.
  • /? – This parameter displays help.

The Windows 2000 and Windows 2003 Resource Kits include a program called linkd, to create junction points.[8] In Windows XP, junction utility by Mark Russinovich is capable of working with reparse points, now offered by Microsoft as a part of Sysinternals suite.

Windows exposes CreateSymbolicLink function in its API starting from Windows Vista. New-SymLink function uses aforementioned API to implement soft link functionality using PowerShell. Community Extensions also contains function New-SymLink.

For hard links, there is a similar CreateHardLink function in the Win32 API. All versions of Windows NT can use GetFileInformationByHandle() to determine the number of hard links associated with a file. There can be up to 1024 links associated with an MFT entry.[9]

Junctions are more complex to create. They require manual reparse point information filling.[10] A code example is found in libuv.[11] Junctions are defined for directories only: although the API does not fail when one creates a junction pointing to a file, the junction will not be interpreted successfully when used later.

Deletion

On all versions of Windows that support them, hard links and symlinks can be safely deleted like normal files are. However, when asked to delete a junction, Windows explorer pre-Windows Vista will follow the directory and delete all its contents with it.

To correctly remove the junction only, one can use the rmdir command in CMD from Windows Vista or later. Alternatively one can use the fsutil reparsepoint delete command in fsutil.[12] Windows PowerShell had a similar problem with junctions.[13]

On the API level, junctions and symlinks, even those pointing to directories, can be removed with pNtSetInformationFile. Libuv's implementation of unlink on Windows demonstrates this use.[14] Alternatively, the .NET System.IO.Directory::Delete method works on them as well.[13]

Listing junctions

A list of all the junctions present in the current directory can be obtained from an elevated Command Prompt as Admin by executing dir /aL, and a list of all the junctions present on a disk volume, by executing dir /aL /s C:\, where "C:" is the volume to scan.

Other properties

Symbolic links can point to non-existent targets because the operating system does not check to see if the target exists.[15]

Limitations

Symbolic links do not work at boot, so it's impossible to redirect e.g.:

  • hiberfil.sys
  • \Windows
  • \Windows\system32
  • \Windows\system32\Config

Windows Installer does not fully support symbolic links. A redirected \Windows\Installer will cause most .msi-based Windows installers to fail with error 2755 and/or error 1632.

Nevertheless, it is possible to redirect:

  • \Documents and Settings
  • \ProgramData
  • \Program Files
  • \Program Files (x86)
  • \Users

Creating symbolic links for \Users and \ProgramData pointing to another drive is not recommended as it breaks updates and Windows Store Apps.[16]

Creating symbolic links for \Users, \ProgramData, "\Program Files" or "\Program Files (x86)" pointing to other locations breaks installation resp. upgrade of Windows.[17]

Creating symbolic links for "\Program Files" or "\Program Files (x86)" pointing to another drive breaks Windows' Component Based Servicing which hardlinks files from its repository \Windows\WinSxS to their installation directory.

Since Windows XP uses the same NTFS format version as later releases, it's feasible to enable symbolic links support in it. For using NTFS symbolic links under Windows 2000 and XP, a third-party driver exists that does it by installing itself as a file system filter.[18][19]

See also

References

  1. ^ Quote: "Note that Windows does not support junctions to directories on remote shares." Sysinternals Junction documentation[1]
  2. ^ "Symlinks in Windows 10! - Windows Developer BlogWindows Developer Blog". blogs.windows.com.
  3. ^ "Relocation of the Users directory and the ProgramData directory to a drive other than the drive that contains the Windows directory". Retrieved 2015-03-12.
  4. ^ "You encounter an error when trying to install Windows 8.1 due to redirecting the Users or Program Files folder to another partition". Retrieved 2015-03-12.
  5. ^ https://docs.microsoft.com/en-us/dotnet/standard/io/file-path-formats#dos-device-paths
  6. ^ Archiveddocs. "Mklink". technet.microsoft.com.
  7. ^ reactos/mklink.c at master · reactos/reactos · GitHub
  8. ^ Microsoft Knowledge Base, 2007-02-20, How to create and manipulate NTFS junction points, http://support.microsoft.com/kb/205524/en-us, http://www.microsoft.com/en-us/download/details.aspx?id=17657
  9. ^ "MSDN - CreateHardLink function". Retrieved 14 January 2016.
  10. ^ "NTFS Links, Directory Junctions, and Windows Shortcuts". www.flexhex.com. Retrieved 4 October 2019.
  11. ^ "libuv/src/win/fs.c". GitHub. Retrieved 12 December 2019.
  12. ^ "How to Delete a Junction by Using Command Line in Windows 7"
  13. ^ a b "PowerShell Remove Junction". StackOverflow. Retrieved 12 December 2019.
  14. ^ "libuv/src/win/fs.c fs__unlink". GitHub. Retrieved 12 December 2019.
  15. ^ "Programming Considerations (Windows)". msdn.microsoft.com.
  16. ^ "Relocation of the Users directory and the ProgramData directory to a drive other than the drive that contains the Windows directory". Retrieved 2015-03-12.
  17. ^ "You encounter an error when trying to install Windows 8.1 due to redirecting the Users or Program Files folder to another partition". Retrieved 2015-03-12.
  18. ^ Hermann Schinagl (August 23, 2013). "ln - commandline hardlinks - Symbolic links for Windows XP".
  19. ^ リンク/ジャンクション作成ツール