[Samba] unix exts / wide links / symlinks
Brother Railgun of Reason
alaric at caerllewys.net
Wed Mar 3 12:29:47 MST 2010
On Wed, Mar 03, 2010 at 11:25:03AM -0800, Jeremy Allison wrote:
> On Wed, Mar 03, 2010 at 01:58:58PM -0500, Brother Railgun of Reason wrote:
> > This can be interpreted either of two ways. Do you mean that you think
> > users should not be able to *enable* following wide symlinks (which I
> > understand to mean symbolic links whose target is located outside the
> > share), or should not be able to *disable* it?
> Users should not be able to enable following wide symlinks
> if "unix extensions = yes" (which means that symlinks can
> be dynamically created by clients).
> That's the basis of the security problem.
> If you want to allow both following wide symlinks
> and arbitrary client creation of symlinks then
> you need to change the code and recompile, as
> the combination is inherently unsafe.
Ahhh. That makes sense. I didn't know there was a capability for
Windows clients to be able to create Unix symlinks on a Samba share.
Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355
alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org
Renaissance Man, Unix ronin, Perl hacker, Free Stater
It's not the years, it's the mileage.
More information about the samba