[Samba] Wide links and insecure wide links

Jeremy Allison jra at samba.org
Wed Feb 28 19:48:33 UTC 2018

On Wed, Feb 28, 2018 at 07:30:45PM +0000, Stilez wrote:
> Thanks - that much I (pretty much) got.
> Its really the "wide links" option that isn't well distinguished/clarified.
> *insecure* wide links is much more clear, although the detail you've given
> helps a lot.
> What exactly is the "ordinary" "wide links = yes" option going to do (with
> or without Unix extensions), and how does it compare/how much exposure to
> mischief does it expose?

"ordinary" "wide links = yes" means the
server will follow symlinks on the file
system that point outside the root of the
share definition. If set to off (default),
the server will refuse to follow symlinks
that point outside of the root of the
share definition, but will follow symlinks
that point within the share.

If this is turned on, it disables SMB1
unix extensions (which allow symlinks
to be created by the client) unless
"insecure wide links" is *also* turned

More information about the samba mailing list