From 8e91bca502378ccf3d2cc9005ec1d76152d6b665 Mon Sep 17 00:00:00 2001 From: stilez Date: Wed, 7 Mar 2018 13:54:18 +0000 Subject: [PATCH 1/2] Clarify key info about "wide links" setting Following brief enquiry + comments on samba mailing list a few days ago, this PR seeks to update the description of "wide links" setting, and clarify exactly how it fits in (what it permits/denies) compared to "follow symlinks" and "allow insecure wide links" - the current explanation doesn't really explain these key points. --- docs-xml/smbdotconf/misc/widelinks.xml | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/docs-xml/smbdotconf/misc/widelinks.xml b/docs-xml/smbdotconf/misc/widelinks.xml index 09f8aa5c61e..ff699f6505b 100644 --- a/docs-xml/smbdotconf/misc/widelinks.xml +++ b/docs-xml/smbdotconf/misc/widelinks.xml 
@@ -3,23 +3,27 @@ type="boolean" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> - This parameter controls whether or not links - in the UNIX file system may be followed by the server. Links - that point to areas within the directory tree exported by the - server are always allowed; this parameter controls access only - to areas that are outside the directory tree being exported. - - Note: Turning this parameter on when UNIX extensions are enabled - will allow UNIX clients to create symbolic links on the share that - can point to files or directories outside restricted path exported - by the share definition. This can cause access to areas outside of - the share. Due to this problem, this parameter will be automatically - disabled (with a message in the log file) if the - option is on. + This parameter controls whether or not the server may follow + symbolic links that point to locations outside the directory tree + exported by the share definition.  It is more permissive than the + default option, + which only allows symlinks to be created and followed within the + share directory tree, and is not subject to the security risks of + allowing a connected user to create and follow symlinks without + restriction to any destination. + + Note: Since UNIX extensions allow unrestricted creation of + symbolic links, turning this parameter on when UNIX extensions are + enabled would allow UNIX clients to create symbolic links within + the share that could point to any files or directories elsewhere in + the UNIX filing system. Due to security implications, this parameter + is therefore automatically disabled (with a message in the log file) + if the option is enabled. See the parameter - if you wish to change this coupling between the two parameters. + if you wish to disable the coupling between these two parameters, and + allow connected users to create and follow symbolic links to any location. From fb955faa2fadf670c1f7f6746b01af5d8ceb42f9 Mon Sep 17 00:00:00 2001 
From: stilez Date: Wed, 7 Mar 2018 13:57:46 +0000 Subject: [PATCH 2/2] minor clarification again --- docs-xml/smbdotconf/misc/widelinks.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs-xml/smbdotconf/misc/widelinks.xml b/docs-xml/smbdotconf/misc/widelinks.xml index ff699f6505b..d7f6b14f459 100644 --- a/docs-xml/smbdotconf/misc/widelinks.xml +++ b/docs-xml/smbdotconf/misc/widelinks.xml @@ -4,12 +4,12 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> This parameter controls whether or not the server may follow - symbolic links that point to locations outside the directory tree - exported by the share definition.  It is more permissive than the - default option, - which only allows symlinks to be created and followed within the - share directory tree, and is not subject to the security risks of - allowing a connected user to create and follow symlinks without + (but not create or modify) symbolic links that point to locations + outside the directory tree exported by the share definition.  It is + more permissive than the default + option, which only allows symlinks to be created and followed within + the share directory tree, and is not subject to the security risks + of allowing a connected user to create and follow symlinks without restriction to any destination. Note: Since UNIX extensions allow unrestricted creation of
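Review bot: In the widelinks.xml hunk of PATCH 1/2, the new first paragraph has an ambiguous subject. In "which only allows symlinks to be created and followed within the share directory tree, and is not subject to the security risks of allowing a connected user to create and follow symlinks without restriction", the clause "and is not subject to" can be read as describing either this parameter or the default option it is being compared with. Suggest splitting it into two sentences that each name the parameter they describe. In the Note paragraph, "Due to security implications" replaces the removed "This can cause access to areas outside of the share", so the concrete consequence is no longer stated; consider keeping that sentence. "UNIX filing system" also departs from the "UNIX file system" wording of the text being removed.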
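Review bot: In the PATCH 2/2 hunk, the added "(but not create or modify)" splits "follow" from its object, and the same sentence goes on to say the default option allows symlinks "to be created and followed" within the share tree, so the paragraph still does not say which setting governs link creation. Suggest moving the restriction into a sentence of its own, stating that this parameter affects only the following of existing links, and tying it to the Note below, which attributes creation to UNIX extensions. The "and is not subject to the security risks" clause is rewrapped here but keeps its unclear subject. The subject line "minor clarification again" should also say what was clarified.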