[Samba] wide links and privileges

Emmanuel Garette egarette at cadoles.com
Tue Dec 22 10:10:09 UTC 2015


I'm using samba version samba-4.1.6+dfsg included in last ubuntu LTS

Here is my smb.conf file:

        # configuration du serveur
        netbios name = scribe
        workgroup = dompedago
        server string = scribe
        preferred master = yes
        domain logons = yes 
        security = user
        ldap passwd sync = yes
        passdb backend = ldapsam:ldap://
        ldap suffix = o=gouv,c=fr
        ldap admin dn = cn=admin,o=gouv,c=fr
        ldap ssl = no
        domain master = yes
        os level = 99
        admin users = @DomainAdmins
        encrypt passwords = yes
        unix extensions = no
        wide links = yes
        path = %H/perso
        read only = no
        valid users = %U
        write list = %U

In this share, I've a symlink to a directory ouside this share.

I've this error:

check_reduced_name_with_privilege: Bad access attempt: esu is a symlink
outside the share path

Option "wide links" is turn to "Yes", so we could access to this directory.

If I set "enable privileges" to "No" in Global section, all works fine.

When I read source code, I can see that check_reduced_name function
check widelinks option but not check_reduced_name_with_privilege one's.

Is "wide links" is inconsistent with privileges? I can't see information
about this behaviour.


More information about the samba mailing list