[Samba] can't turn on wide links in homedir

Jeremy Allison jra at samba.org
Mon Sep 12 11:21:46 MDT 2011


On Mon, Sep 12, 2011 at 02:21:12PM +0200, umage wrote:
> Hi, I discovered that it's not possible to run 'wide links' and
> 'unix extensions' at the same time - there are source-level blockers
> in place that will disable wide links and write a log entry. I
> traced this to https://bugzilla.samba.org/show_bug.cgi?id=7104 and
> http://www.samba.org/samba/news/symlink_attack.html ...
> 
> However, I run a private home LAN server that already exposes /
> (root) as a share to all authenticated (and unauthenticated)
> clients. Therefore this issue is irrelevant to me. Furthermore, I
> want to organize some per-user directories (~/public_html for www,
> ~/storage for large files, and so on) in a separate location, and I
> can't do this without wide links. The restriction kills off my usage
> scenario.

Sorry about that.

> When the above-mentioned 'security' fixes were done, why weren't the
> developers content with just changing the defaults, and maybe
> printing a warning on startup? Why did they add this restriction
> without a way to turn it off? Should I file a bug report to have
> these blockers removed?

We needed to make it impossible to configure Samba insecurely.
At the time this was proposed, it was posted to the list and
no dissenting voices were heard.

Since then there have been a couple of people with the desire
to configure Samba in a completely insecure mode like yourself,
and there is a proposed patch to allow Samba to be run with
this known security hole. As you may imagine, I'm not too keen
on this but we may decide to add it in for people who desire
insecure setups.

Jeremy.
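
Added example (not part of the original message and not Samba's own code): a small smb.conf audit that lists the shares affected by the restriction discussed in this thread, that is, shares requesting 'wide links = yes' while 'unix extensions' is on, where Samba disables wide links. It assumes the defaults 'unix extensions = yes' and 'wide links = no', does not follow 'include' lines, and runs on a constructed sample configuration.

```python
import re
# Assumptions (not from the thread): the boolean spellings accepted as true,
# and the defaults unix extensions = yes (global), wide links = no (share).
TRUE = {"yes", "true", "on", "1"}

def norm(name):
    """Parameter names are compared ignoring case and embedded whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {param: value}}; 'include' lines are not followed."""
    sections, current = {}, None
    text = re.sub(r"\\\r?\n", "", text)  # join backslash continuations
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def overridden_wide_links(text):
    """Shares that ask for wide links but lose them to unix extensions."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if glob.get("unixextensions", "yes").lower() not in TRUE:
        return []  # unix extensions off: wide links are honoured as set
    default = glob.get("widelinks", "no")
    return sorted(name for name, params in conf.items()
                  if name != "global"
                  and params.get("widelinks", default).lower() in TRUE)

# Constructed sample configuration, loosely modelled on the setup described.
SAMPLE = """
[global]
   unix extensions = yes
[homes]
   wide links = yes
[root]
;  wide links = yes
[storage]
   Wide  Links = Yes
"""

if __name__ == "__main__":
    print(overridden_wide_links(SAMPLE))
```

Shares it reports are the ones for which the log entry mentioned above should be expected at runtime.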

