[Samba] unix exts / wide links / symlinks

Linda W samba at tlinx.org
Tue Apr 6 17:44:02 MDT 2010


Jeremy Allison wrote:
> On Wed, Mar 03, 2010 at 03:38:58PM +0100, Stefan Götz wrote:
>> Setting the 'wide links' option to yes and/or the 'follow symlinks' to no on the
>> server has no effect, neither globally nor on a per-share basis. Is there any
>> other way to tell smbd to not meddle with symlinks?
> 
> Remove the check in lp_widelinks() (param/loadparm.c) and recompile.
> 
> We got bitten badly enough by this that I don't think
> this should be a user settable parameter I'm afraid.
> 
> Jeremy.
----
	I disagree with this decision as well -- I'm bitten by this
and can't mount my share and give my clients access.  I use wide links
and also would expect them to work on my unix-extended clients (including,
I believe, cygwin on windows (?)).   

	I don't give access to people who would abuse such privileges, so in
my situation, the previous setup is far preferable.  I don't want to have
to recompile, from sources, EVERY future release and every future update
I sometimes get *autoupdated* from my linux-vendor. 

	As it stands -- with any autodate, or any update, I load from my vendor,
I will find my whole setup failing -- as these links are key to my setup working.
I'll have to recompile every update the instant it hits -- and if autoupdate is
turned on  -- the first I'll see is no client being able to access their personal
Documents folder -- which is put in a separate location for various administrative
reasons.

	This has really 'bit' me, by the way -- I read that I needed to 
explicitly turn on wide links, now, which I did -- but then still most things
didn't work.  Why? because wide links being turned on was ignored!  Why? Because
the default is unix extensions=yes, and that overrides my explicit
wide links = on statement.  The fix for me is not to turn off unix extensions,
as I use those as well.  


	To address your concerns and allow things to work as before, make
"wide links" a tri-state: {off, on, insecure}, with insecure allowing the
feature to function as before.

	Otherwise, there's no way I can support my current setup -- since
a user's homedir doesn't physically contain their 'Documents' (this was
done, by the way, because some users have have multiple profiles who
want their Documents to be auto-shared across all profiles.  

	For example, I have 2 logins: "me at localmachine" and "me at mydomain".
Currently both use the same documents folder and this has been transparently handled on the server.  Documents on the server is a wide-link out of the profiles to the shared Documents folder.  Was working great before 3.4.5.

Wouldn't the tristate allay your concerns?  I can simply put 'wide links=insecure'
in my global and it will enable the old behavior (regardless of the unix extensions
setting).

-linda

meanwhile, I guess it's time to pull sources for my distro and start doing some rebuilding...  what a pain.


	


More information about the samba mailing list