[Samba] wide links and privileges
egarette at cadoles.com
Tue Dec 22 10:32:50 UTC 2015
Le 22/12/2015 11:22, L.P.H. van Belle a écrit :
> From : man smb.conf ....
> G is a Global setting
> S is a share setting.
> unix extensions (G)
> allow insecure wide links (G)
> wide links (S)
> follow symlinks (S)
> In global add:
> allow insecure wide links = yes
Not usefull (unix extension is set to "No"). I've tried to set this
option, has expected, there is no differents.
> on the share add :
> wide links = yes
> follow symlinks = yes
Those options has no effect (smbd said those option are already set to
"Yes" in this shared).
As I said, I only need to turn "enable extesions" to "No".
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Emmanuel Garette
>> Verzonden: dinsdag 22 december 2015 11:10
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] wide links and privileges
>> I'm using samba version samba-4.1.6+dfsg included in last ubuntu LTS
>> Here is my smb.conf file:
>> # configuration du serveur
>> netbios name = scribe
>> workgroup = dompedago
>> server string = scribe
>> preferred master = yes
>> domain logons = yes
>> security = user
>> ldap passwd sync = yes
>> passdb backend = ldapsam:ldap://127.0.0.1:389
>> ldap suffix = o=gouv,c=fr
>> ldap admin dn = cn=admin,o=gouv,c=fr
>> ldap ssl = no
>> domain master = yes
>> os level = 99
>> admin users = @DomainAdmins
>> encrypt passwords = yes
>> unix extensions = no
>> wide links = yes
>> path = %H/perso
>> read only = no
>> valid users = %U
>> write list = %U
>> In this share, I've a symlink to a directory ouside this share.
>> I've this error:
>> check_reduced_name_with_privilege: Bad access attempt: esu is a symlink
>> outside the share path
>> Option "wide links" is turn to "Yes", so we could access to this
>> If I set "enable privileges" to "No" in Global section, all works fine.
>> When I read source code, I can see that check_reduced_name function
>> check widelinks option but not check_reduced_name_with_privilege one's.
>> Is "wide links" is inconsistent with privileges? I can't see information
>> about this behaviour.
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
Ingénieur logiciels libres
Experts EOLE, Gaspacho, logiciels libres
More information about the samba