[Samba] howto achieve 'hide unreadable' for msdfs symlinks

Konrad Jacobi konrad.jacobi at igp.fraunhofer.de
Thu Apr 18 09:29:04 UTC 2024


On 17.04.24 at 16:43, Kees van Vloten via samba wrote:
> On 16-04-2024 16:21, Konrad Jacobi via samba wrote:
>> Hi,
>> on a Samba domain member file server I'm using dfs root shares with 
>> multiple msdfs symlinks pointing to other shares (on the same server), 
>> which works fine. These linked shares have different access rights, 
>> therefore a user might have access to one linked share but not to 
>> another.
>>
> Another option is to specify the dfsroot "links" completely in smb.conf, 
> like
> 
> [home]
>          msdfs root = yes
>          msdfs proxy = \fileserver\home
>          comment = Home directory
> 
> Although it does not support the hiding you want, at least it does not 
> have requirements on the filesystem. Perhaps (@Jeremy) it is easier to 
> implement some hiding mechanism on top of this configuration?
> 
> - Kees.
> 
True. At server level, access based share enum works (access based share 
enum = yes), even with dfs proxy "shares".
One could also implement some NetBIOS-name-based "virtual servers" via 
something like 'include = /etc/samba/smb.%L.conf'.
Both ways work at server level with share enumeration but not at share 
level while enumerating folders or symlinks (what I need).

Does anyone know when or where "hide unreadable" kicks in? I still have 
some hope for my dirty "xattr security.NTACL on symlinks" idea ;-)

Konrad

-- 
M. Sc. Konrad Jacobi

Fraunhofer-Institut für Großstrukturen in der Produktionstechnik IGP

Albert-Einstein-Straße 30 │ 18059 Rostock
Tel +49 381 49682-192
Fax +49 381 49682-12

konrad.jacobi at igp.fraunhofer.de
http://www.igp.fraunhofer.de

