Keeping clients out of some file systems

Michael Gerdts Michael.Gerdts at
Fri May 11 15:22:34 GMT 2001

Typically to keep clients out of file systems that they should not be
poking around on (/ /usr, /var, ...) you have to use "wide links = no",
which apparently has performance problems.

Generally, I don't care if people have symbolic links that point out of
their shares, so long as they don't give away information that they can't
already get through NFS.  That is, if Alice has a symbolic link to Bob's
home directory, I don't care.  If Alice has a symbolic link to /, I care.

Perhaps a new option, "hide filesystems" would be useful.

	hide file systems = / /opt /usr/local

Now when Alice tries to get something out of /home/alice/symlink/bobshome,
the open, readdir, etc, calls would do a stat() on the file or directory to
see if the device (st_dev) is the same as the st_dev of one of the
hidden file systems.  If it is, it returns a failure code.  Presumably
the st_dev's of the hidden file systems are cached so that only one
extra stat() is needed.

Any thoughts?

More information about the samba-technical mailing list