windows - Scenario - NTFS Symbolic Link or Junction?

19
2014-04
  • Unsigned

    Differences

    ┌───────────────┬──────────┬──────────┬──────┬───────────┬─────┐
    │               │ Absolute │ Relative │ File │ Directory │ UNC │
    ├───────────────┼──────────┼──────────┼──────┼───────────┼─────┤
    │ Symbolic link │   Yes    │   Yes    │ Yes  │    Yes    │ Yes │
    │ Junction      │   Yes    │    -     │  -   │    Yes    │  -  │
    └───────────────┴──────────┴──────────┴──────┴───────────┴─────┘
    

    Scenario

    Let's assume we're creating a reparse point to create the redirect C:\SomeDir => D:\SomeDir

    Since this scenario only requires local, absolute paths, either a junction or symlink would work. In this situation, is there any advantage to using one or the other?

    Assume Windows 7 for the OS, disregarding backward-compatibility. (Prior to Vista, symlinks are not supported natively, though there is a 3rd-party driver that provides symlink support on Windows XP.)

    Update

    I have found another difference.

    • Symbolic Link - Link's permissions only affect delete/rename operations on the link itself; read/write access (to the target) is governed by the target's permissions
    • Junction - Junction's permissions affect enumeration; revoking permissions on the junction will deny file listing through that junction, even if the target folder has more permissive ACLs

    The permissions make it interesting, as symlinks can allow legacy applications to access configuration files in UAC-restricted areas (such as %ProgramFiles%) without changing existing access permissions, by storing the files in a non-restricted location and creating symlinks in the restricted directory.

  • Answers
  • Garrett

    I understand NTFS symbolic links to be a replacement for Junctions on newer Windows OSes (Vista/7/8) as they function the same way but also provide additional functionality (remote points). So provided you're only working with newer operating systems, then there's no reason not to use the symbolic link option.

  • haimg

    I think junction points have wider support in backup software than symbolic links. You should check with whatever backup program you're using what feature is supported.

    If unsupported, the symlink/junction point will either be backed up as a separate directory (and restored as such), or not backed up at all.

    Other than the backup issue, I don't see a reason to prefer one over the other, in your specific case (local directory).

  • grawity

    NTFS junctions can only be pointed to directories, while symlinks also work on files.

  • paradroid

    Here is one difference which I have noticed:

    I have a synced directory of scripts, portable apps, etc. I use a batch script to make a Junction in the Start Menu directory which points to a directory of shortcuts for the portable apps.

    A Junction allows the shortcuts to appear in the Start Menu. When I use a Symbolic Link instead, it does not work.
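
The differences in the question's table (absolute vs. relative, UNC) are recorded in the reparse data stored with the link, so a link can be classified from that buffer when auditing a volume. The following is an added example, not code from any of the posts: `parse_reparse` and `build_sample` are hypothetical names, and the two sample buffers are constructed rather than captured from a disk.

```python
import struct

# Reparse tags and flag as defined in the Windows SDK headers.
IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003   # junction
IO_REPARSE_TAG_SYMLINK = 0xA000000C       # symbolic link
SYMLINK_FLAG_RELATIVE = 0x1

def parse_reparse(buf: bytes) -> dict:
    """Classify a raw REPARSE_DATA_BUFFER and extract its target names."""
    if len(buf) < 8:
        raise ValueError("buffer shorter than the reparse header")
    tag, data_len, _reserved = struct.unpack_from("<IHH", buf, 0)
    data = buf[8:8 + data_len]
    if tag == IO_REPARSE_TAG_SYMLINK:
        kind, fixed = "symlink", 12       # four USHORTs + ULONG Flags
    elif tag == IO_REPARSE_TAG_MOUNT_POINT:
        kind, fixed = "junction", 8       # four USHORTs, no Flags field
    else:
        raise ValueError(f"not a symlink or junction tag: {tag:#010x}")
    if len(data) < data_len or data_len < fixed:
        raise ValueError("truncated reparse data")
    sub_off, sub_len, prt_off, prt_len = struct.unpack_from("<HHHH", data, 0)
    flags = struct.unpack_from("<I", data, 8)[0] if kind == "symlink" else 0

    def name(off: int, length: int) -> str:
        # Offsets are in bytes, relative to the start of PathBuffer.
        start = fixed + off
        if start + length > len(data):
            raise ValueError("name runs past the reparse data")
        return data[start:start + length].decode("utf-16-le")

    substitute = name(sub_off, sub_len)
    return {"kind": kind, "relative": bool(flags & SYMLINK_FLAG_RELATIVE),
            "unc": substitute.startswith("\\??\\UNC\\"),
            "substitute": substitute, "print": name(prt_off, prt_len)}

def build_sample(tag: int, substitute: str, shown: str, flags=None) -> bytes:
    """Assemble a constructed buffer for the demo (not captured data)."""
    s, p = substitute.encode("utf-16-le"), shown.encode("utf-16-le")
    body = struct.pack("<HHHH", 0, len(s), len(s), len(p))
    if flags is not None:
        body += struct.pack("<I", flags)
    body += s + p
    return struct.pack("<IHH", tag, len(body), 0) + body

# Constructed samples: the question's C:\SomeDir => D:\SomeDir as a junction,
# and a relative symlink, which the table says a junction cannot express.
JUNCTION = build_sample(IO_REPARSE_TAG_MOUNT_POINT, r"\??\D:\SomeDir", r"D:\SomeDir")
REL_LINK = build_sample(IO_REPARSE_TAG_SYMLINK, r"..\SomeDir", r"..\SomeDir", SYMLINK_FLAG_RELATIVE)
```

On a live system the raw buffer comes from the FSCTL_GET_REPARSE_POINT control code; the parser only needs the bytes, so it also runs against buffers exported from another machine.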


  • Related Question

    ntfs - Why can't normal users on Windows create symbolic links?
  • Questioner

    Beginning with Windows Vista, NTFS gained the ability to represent symbolic links to files (as opposed to directory junctions). Also the mklink utility appeared. However, non-administrative users can't create symbolic links by default. Any insights on why that may be so? I mean, what kind of damage could a user do with symlinks that he can't do with hardlinks or directory junctions (both of which can be created without administrative privileges without problems)?


  • Related Answers
  • Area 51

    Symlinks are actually less dangerous than hardlinks, true. I don't think the issue here is security but administrative efficiency. I think Microsoft made the right decision as it will drive sysadmins nuts when users start to create symlinks everywhere without knowing what they are doing.

    In Mac OS, shortcuts are symlinks. So conceptually it's less confusing, since it's been like that since the beginning. And for Linux fans, you don't need to be told what symlinks are. ;-)

    But it's not true for Windows. Imagine explaining to the average user the difference between a good old Windows shortcut, a symlink and directory junction/hardlink and you'll soon realize that giving such power to the masses will be opening a huge can of wriggly tech support worms.

    That's my two cents.