[Samba] Symlink outside the share path

Taylor, Jonn jonnt at taylortelephone.com
Tue Aug 19 18:50:39 MDT 2014


       follow symlinks (S)

           This parameter allows the Samba administrator to stop smbd(8) from
           following symbolic links in a particular share. Setting this
           parameter to no prevents any file or directory that is a symbolic
           link from being followed (the user will get an error). This option
           is very useful to stop users from adding a symbolic link to
           /etc/passwd in their home directory for instance. However it will
           slow filename lookups down slightly.

           This option is enabled (i.e. smbd will follow symbolic links) by
           default.

           Default: follow symlinks = yes

On 08/19/2014 07:18 PM, Kathy wrote:
> Hello everyone --
>
> I am stumped on this issue, mostly because I'm not quite sure if it's
> behaving correctly or not.  I believe this used to work and right now I'm
> not quite sure why it's no longer doing so and how to fix it (if possible).
>  I suspect it is because of my recent update of the OS and Samba version.
>
> When users are trying to follow a symlink that goes to a different mounted
> filesystem on the same Samba server, they are getting:
> *  reduce_name: Bad access attempt: <path> is a symlink outside the share
> path*
>
>
> I have a server that is both an NFS and a Samba server.  It is running RHEL
> 5.10 and Samba 3.0.33 (native RHEL packages). I recently patched from 5.2
> to 5.10 and this also updated Samba to the current release.
>
> My smb.conf file has me exporting /datavol/asic as \\myserver\asic.
> This works just fine for all users on Windows for files/subdirs in that
> /datavol/asic path.
>
> The problem comes when they try to get to files that are softlinked to
> /globalscratch2 from /datavol/asic directories.
>
> I have tried this both with and without exporting /globalscratch2 via
> Samba.  Same results.
>
> Previously, I had not exported /globalscratch2.
>
> If someone had a symlink that was like this:
>
> /datavol/asic/banshee/sim --> /globalscratch2/banshee/sim
>
> They would be able to get to it with this path no problem:
> \\myserver\banshee\sim
>
> Any non-symbolic link subdirs are accessible just fine like this
> \\myserver\banshee\localsubdir
>
> I have another scratch dir NFS mounted on myserver as /globalscratch.  I am
> not exporting this via Samba from myserver because it doesn't own the
> filesystem.  I would understand the "symlink outside the share path" with
> an NFS mount on myserver, although from myserver's perspective it is a
> local file system.
>
> I have always had the following in my smb.conf file:
>
> follow symlinks = yes
>
> I have tried adding:
>
> wide links = yes
> AND
> unix extensions = no
>
> to both the [global] section and to my share definition and nothing works.
>
> Is there a way to get this to work?  Is it something that can work in later
> versions of Samba?  I know it used to.  Both my users and I remember it
> working so I know I'm not completely crazy.
>
> Thanks!
>
> Kathy
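
An added example, not part of either message and not Samba's own code: a Python audit that lists the symlinks under a share path whose resolved target lies outside it, the kind of link the reduce_name error quoted above refers to. The function names are hypothetical, and the tree is constructed in a temporary directory to mirror the /datavol/asic and /globalscratch2 layout from the post.

```python
import os
import tempfile


def links_outside_share(share_root):
    """Return sorted (link, resolved_target) pairs for symlinks under
    share_root whose fully resolved target lies outside share_root."""
    root = os.path.realpath(share_root)
    found = []
    # followlinks=False: report links, never descend through them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # Compare whole path components, not string prefixes:
            # /datavol/asic2 is NOT inside /datavol/asic.
            if os.path.commonpath([root, target]) != root:
                found.append((os.path.relpath(path, root), target))
    return sorted(found)


def demo():
    """Audit a constructed tree; targets are returned relative to its base."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        share = os.path.join(base, "datavol", "asic")
        scratch = os.path.join(base, "globalscratch2", "banshee", "sim")
        sibling = os.path.join(base, "datavol", "asic2")
        local = os.path.join(share, "banshee", "localsubdir")
        for d in (local, scratch, sibling):
            os.makedirs(d)
        # Link from the post: leaves the share for another filesystem path.
        os.symlink(scratch, os.path.join(share, "banshee", "sim"))
        # Link that stays inside the share: must not be reported.
        os.symlink(local, os.path.join(share, "inside"))
        # Link to a sibling whose name merely starts with the share name.
        os.symlink(sibling, os.path.join(share, "sibling"))
        return [(link, os.path.relpath(target, base))
                for link, target in links_outside_share(share)]


if __name__ == "__main__":
    for link, target in demo():
        print(f"{link} -> {target}")
```

Run against the real share path, links_outside_share("/datavol/asic") gives the administrator the list of links to review before deciding how the share should treat them.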


