samba and multiple servers
Paul J Collins
pjdc at eircom.net
Tue Jul 11 17:41:34 GMT 2000
>>>>> "Richard" == Richard Sharpe <sharpe at ns.aus.com> writes:
Richard> At 10:30 AM 7/11/00 +1000, Matthew Geddes wrote:
>> Does Samba follow Unix symlinks? Not the same, I know, but it could help
>> ni some cases.
Richard> Yes, it does follow symlinks. The default is on, but you
Richard> can control it with the 'wide links' parameter or some
Richard> such ...
What "wide links" does is make sure that symbolic links don't point
outside the shared tree. It's an expensive option to use; every file
opened must be lstat'd and if it is a link, a readlink call must be
made to check it (i.e. one system call per file open, and possibly
two). And if that points to a file/directory inside the tree, then
*that* must be checked (more system calls). If potentially malicious
people do not have Unix-level access (i.e. such that they could create
a symlink) to the Samba shares, then leave "wide links = on".
Note also that the symlink interpretation is done by the OS kernel on
the Samba server; it is therefore not possible to symlink to shares on
other servers.
Paul.
--
Paul Collins <pjdc at eircom.net> - - - - - - - [ A&P,a&f ]
GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD
PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C
"Where? Where is the town? Now it's nothing but flowers!"
More information about the samba-ntdom
mailing list