Disabling of "wide links" violates "principle of least surprise"

[Jeremy Allison]

On Mon, May 10, 2010 at 07:08:10PM +0200, Alain Knaff (Samba Lists) wrote:
> On 09/05/10 19:13, Jeremy Allison wrote:
> > On Sat, May 08, 2010 at 02:10:23PM +0200, Volker Lendecke wrote:
> >>
> >> Just to make sure I understand you right: You want Samba to
> >> report and follow existing wide links but not allow setting
> >> them at all from the client if wide links are enabled? This
> >> might indeed be a compromise. Jeremy should comment here.
> > 
> > Actually we already considered and rejected this option
> > when we were discussing what to do.
> 
> Could you post an URL to this discussion, so that I can view the reasons
> brought forth?

You'll have to search on samba-technical, I don't have the
url handy.

> But this could happen anyways. One example is the read-only share case,
> another one is a directory to which the user has no (Unix) write rights.

Yes, but in this case there are no surprises. In the read-only case,
all writes/creates fail. In the no-write rights case a simple ls -l
will show this. The user has a way to see and understand what is going
on. Arbitrarily disabling symlink creation is utterly mistifying for
the user. Something just "doesn't work", with no way to understand
why.

> Sorry to be so blunt, but I still get the impression that all this is
> more about ego than about "To serve our users best".

What ego ? Whose ego would be served by this ? That makes
no sense, sorry. It was the best decision we could make
to ensure default users are secure. Sorry you don't agree
but you didn't turn up when the original problem occurred,
and most comments from people who did were in favour of
the solution we decided.

If you want this changed, you'll have to get a majority
of people to agree with you, including the security teams
of the major distributions, who reviewed our decision before
we made it. Do you normally find that insulting people works
to get what you want ?

Jeremy.