[Samba] wide links and privileges

L.P.H. van Belle belle at bazuin.nl
Tue Dec 22 10:22:30 UTC 2015 

>From :   man smb.conf ....  

G is a Global setting
S is a share setting. 

unix extensions (G)
allow insecure wide links (G)
wide links (S)
follow symlinks (S)

In global add: 
allow insecure wide links = yes


on the share add : 
wide links = yes
follow symlinks = yes



Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Emmanuel Garette
> Verzonden: dinsdag 22 december 2015 11:10
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] wide links and privileges
> 
> Hi,
> 
> I'm using samba version samba-4.1.6+dfsg included in last ubuntu LTS
> version.
> 
> Here is my smb.conf file:
> 
> [global]
>         # configuration du serveur
>         netbios name = scribe
>         workgroup = dompedago
>         server string = scribe
>         preferred master = yes
>         domain logons = yes
>         security = user
>         ldap passwd sync = yes
>         passdb backend = ldapsam:ldap://127.0.0.1:389
>         ldap suffix = o=gouv,c=fr
>         ldap admin dn = cn=admin,o=gouv,c=fr
>         ldap ssl = no
>         domain master = yes
>         os level = 99
>         admin users = @DomainAdmins
>         encrypt passwords = yes
>         unix extensions = no
>         wide links = yes
> 
> [perso]
>         path = %H/perso
>         read only = no
>         valid users = %U
>         write list = %U
> 
> In this share, I've a symlink to a directory ouside this share.
> 
> I've this error:
> 
> check_reduced_name_with_privilege: Bad access attempt: esu is a symlink
> outside the share path
> 
> Option "wide links" is turn to "Yes", so we could access to this
> directory.
> 
> If I set "enable privileges" to "No" in Global section, all works fine.
> 
> When I read source code, I can see that check_reduced_name function
> check widelinks option but not check_reduced_name_with_privilege one's.
> 
> Is "wide links" is inconsistent with privileges? I can't see information
> about this behaviour.
> 
> Regards,
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list