...
The path name passed to this function must be canonicalized (see FIO02-A. Canonicalize path names originating from untrusted sources); otherwise, directories above it may go unchecked because following a symbolic link bypasses them. The function checks every directory in the canonical path, ensuring that every directory is owned by the current user or by root, that the leaf directory disallows write access to everyone but the owner, and that all other directories in the path forbid other users from deleting or renaming files (either by turning off group write access and world write access, or by turning on the sticky bit).
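The checks described above can be sketched as follows. This is an added example, not the function from the original page: the names `dir_entry_ok` and `secure_dir`, the use of the effective UID as "the current user", and the use of `lstat()` to reject any component that is still a symbolic link are assumptions made here, and the caller is assumed to have canonicalized the path already (for example with `realpath()`).

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700 /* for lstat() and S_ISVTX */
#endif
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Policy for one directory in the path (hypothetical helper). */
static int dir_entry_ok(const struct stat *st, uid_t me, int is_leaf) {
  if (!S_ISDIR(st->st_mode)) return 0;               /* symlink or not a directory */
  if (st->st_uid != me && st->st_uid != 0) return 0; /* owner must be us or root */
  if (is_leaf)                                       /* leaf: only the owner may write */
    return (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
  /* Ancestors: no group/world write access, or the sticky bit is set. */
  return (st->st_mode & (S_IWGRP | S_IWOTH)) == 0 || (st->st_mode & S_ISVTX) != 0;
}

/* Returns 1 if every directory of the canonical absolute path passes, else 0. */
int secure_dir(const char *canon_path) {
  char prefix[PATH_MAX];
  struct stat st;
  size_t len = strlen(canon_path);
  uid_t me = geteuid(); /* assumption: "current user" means the effective UID */

  if (canon_path[0] != '/' || len >= sizeof prefix) return 0;
  for (size_t i = 0; i < len; i++) {
    /* Check "/" itself (i == 0), then each prefix that ends a component. */
    if (i != 0 && canon_path[i + 1] != '/' && canon_path[i + 1] != '\0') continue;
    size_t n = i + 1;
    memcpy(prefix, canon_path, n);
    prefix[n] = '\0';
    if (lstat(prefix, &st) != 0 || !dir_entry_ok(&st, me, canon_path[n] == '\0'))
      return 0;
  }
  return 1;
}

int main(int argc, char **argv) {
  const char *p = argc > 1 ? argv[1] : "/";
  printf("%s: %s\n", p, secure_dir(p) ? "secure" : "NOT secure");
  return 0;
}
```

Because the walk starts at `/` and uses `lstat()`, a path that was not canonicalized and still contains a symbolic link is rejected rather than silently skipping the directories behind the link.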
...