[Samba] wide links and privileges

Emmanuel Garette egarette at cadoles.com
Tue Dec 22 10:32:50 UTC 2015 

Le 22/12/2015 11:22, L.P.H. van Belle a écrit :
> From :   man smb.conf ....  
>
> G is a Global setting
> S is a share setting. 
>
> unix extensions (G)
> allow insecure wide links (G)
> wide links (S)
> follow symlinks (S)
>
> In global add: 
> allow insecure wide links = yes
Not usefull (unix extension is set to "No"). I've tried to set this
option, has expected, there is no differents.
>
>
> on the share add : 
> wide links = yes
> follow symlinks = yes
Those options has no effect (smbd said those option are already set to
"Yes" in this shared).

As I said, I only need to turn "enable extesions" to "No".

Regards,
>
>
>
> Greetz, 
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Emmanuel Garette
>> Verzonden: dinsdag 22 december 2015 11:10
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] wide links and privileges
>>
>> Hi,
>>
>> I'm using samba version samba-4.1.6+dfsg included in last ubuntu LTS
>> version.
>>
>> Here is my smb.conf file:
>>
>> [global]
>>         # configuration du serveur
>>         netbios name = scribe
>>         workgroup = dompedago
>>         server string = scribe
>>         preferred master = yes
>>         domain logons = yes
>>         security = user
>>         ldap passwd sync = yes
>>         passdb backend = ldapsam:ldap://127.0.0.1:389
>>         ldap suffix = o=gouv,c=fr
>>         ldap admin dn = cn=admin,o=gouv,c=fr
>>         ldap ssl = no
>>         domain master = yes
>>         os level = 99
>>         admin users = @DomainAdmins
>>         encrypt passwords = yes
>>         unix extensions = no
>>         wide links = yes
>>
>> [perso]
>>         path = %H/perso
>>         read only = no
>>         valid users = %U
>>         write list = %U
>>
>> In this share, I've a symlink to a directory ouside this share.
>>
>> I've this error:
>>
>> check_reduced_name_with_privilege: Bad access attempt: esu is a symlink
>> outside the share path
>>
>> Option "wide links" is turn to "Yes", so we could access to this
>> directory.
>>
>> If I set "enable privileges" to "No" in Global section, all works fine.
>>
>> When I read source code, I can see that check_reduced_name function
>> check widelinks option but not check_reduced_name_with_privilege one's.
>>
>> Is "wide links" is inconsistent with privileges? I can't see information
>> about this behaviour.
>>
>> Regards,
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>


-- 
Emmanuel Garette
Ingénieur logiciels libres

Cadoles (http://www.cadoles.com)
Experts EOLE, Gaspacho, logiciels libres

More information about the samba mailing list