git patch 'client managed wide links (w documentation updated)'....
samba at tlinx.org
Mon Jun 13 02:22:29 MDT 2011
Tested with the downloaded 3.6.0-rc2 candidate with patches install...
but running into odd performance probs that I'm not sure if are
samba probs or not (I _did_ try enabling SMB2, but wireshark says that
was a nogo)... I didn't compile w/devel, or debug or profiling, so not
sure ... but the 'feature' works... not so sure about 3.6's
will have to use it some more....
So, what else is needed to get this in?
So far the comments have been overwhelming....
Linda Walsh wrote:
> Following is git patch, with documentation describing security risks, as
> originally discussed, for this feature's inclusion....
> Note...I have NOT tested it in the 3.6 branch, as the change doesn't
> seem to affect any other code. It was tested in my local 3.5.7 branch.
> Without the param, it fails, (as it currently does), to follow the
> with the param, it follows the link...
> Note, I clarified the 'widelinks' part of the docs, as it seemed to
> that widelinks would be followed if the pointed inside directory that was
> in the shared section of the config file. I felt this was unclear --
> they are only followed within the same share, not across shares.
> From f97bacf54db1b8d81e0f8f6372f7c6ee628d60ea Mon Sep 17 00:00:00 2001
> From: L.A. Walsh <samba at tlinx.org>
> Date: Sun, 12 Jun 2011 17:02:40 -0700
> Subject: [PATCH 1/2] client-managed-widelinks patch+doc changes
> .../smbdotconf/misc/clientmanagedwidelinks.xml | 34
> 1 files changed, 34 insertions(+), 0 deletions(-)
> create mode 100644 docs-xml/smbdotconf/misc/clientmanagedwidelinks.xml
> diff --git a/docs-xml/smbdotconf/misc/clientmanagedwidelinks.xml
> new file mode 100644
> index 0000000..655a1e7
> --- /dev/null
> +++ b/docs-xml/smbdotconf/misc/clientmanagedwidelinks.xml
> @@ -0,0 +1,34 @@
> +<samba:parameter name="client managed wide links"
> + context="G"
> + type="boolean"
> + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> + <para>
> + This parameter can allow users on client systems to manage
> + the <smbconfoption name="wide links"/> created on a server. In
> + order to do this, <smbconfoption name="unix extensions"/> must also
> + be "on". Normally, <smbconfoption name="wide links"/> and
> + <smbconfoption name="unix extensions"/> may not be "on" or "true"
> + at the same time, but this parameter specifically allows it.
> + This parameter creates similar security issues as allowing
> + the same userid to have a local account on the server, where, they
> + could manage/create symlinks that point to objects (files,
> + directories, sockets, ... any unix file type) on disparate parts of
> + the system, both on shared and unshared parts of the system. Unix
> + users have had this ability 'forever', it's controlled by normal
> + file permissions. A symlink to /etc/shadow still won't be readable
> + (let alone writable) by 'everyone', but only by 'root' and it's
> + owning group.
> + If your users have local accounts on the server, this
> + parameter should provide no decrease in security. Users won't be
> + able to create links in shares that they don't already have access
> + to running as their user. If they have server admin priviledges
> + or 'Domain Admin' priviledges, they they may have write access to
> + any share as permitted by those priviledges.
> + </para>
> +<value type="default">no</value>
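Review bot: The security text in the new <para> only spells out the safe case ("If your users have local accounts on the server, this parameter should provide no decrease in security") and leaves the other case implicit. The same paragraph says the parameter raises issues similar to giving the userid a local account, so the doc should say outright that on a server where share users have no local account, enabling it lets them create symlinks to objects outside the share, limited only by Unix file permissions. The opening sentence ("This parameter can allow users on client systems to manage ...") should state what setting the value to "yes" actually does, and the single <para> would read better split into separate paragraphs for behaviour, risk and the local-account case. With context="G" the switch is global only; since the exposure depends on which shares a user can write to, a sentence on why it is not settable per share would help. Wording nits in the same lines: "priviledges" should be "privileges" (three places), "they they may" has a doubled word, and "it's owning group" should be "its owning group".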