[Samba] howto achieve 'hide unreadable' for msdfs symlinks
Konrad Jacobi
konrad.jacobi at igp.fraunhofer.de
Thu Apr 18 09:29:04 UTC 2024
Am 17.04.24 um 16:43 schrieb Kees van Vloten via samba:
> On 16-04-2024 16:21, Konrad Jacobi via samba wrote:
>> hi,
>> on a samba domain member file server i'm using dfs root shares with
>> multiple msdfs symlinks pointing to other shares (on the same server),
>> which works fine. These linked shares have different access rights,
>> therefore a user might have access to one linked share but not to
>> another.
>>
> Another option is to specify the dfsroot "links" completely in smb.conf,
> like
>
> [home]
> msdfs root = yes
> msdfs proxy = \fileserver\home
> comment = Home directory
>
> Although it does not support the hiding you want, at least it does not
> have requirements on the filesystem. Perhaps (@Jeremy) it is easier to
> implement some hiding mechanism on top of this configuration?
>
> - Kees.
>
true. At server-level access based share enum works (access based share
enum = yes), even with dfs proxy "shares".
One also could implement some netbios name based "virtual servers" via
something like 'include = /etc/samba/smb.%L.conf'.
Both ways work at server level with shares enumeration but not at share
level while enumerating folders or symlinks (what I need).
Does anyone know when or where "hide unreadable" kicks in? I still have
some hope on my dirty "xattr security.NTACL on symlinks"-idea ;-)
Konrad
--
M. Sc. Konrad Jacobi
Fraunhofer-Institut für Großstrukturen in der Produktionstechnik IGP
Albert-Einstein-Straße 30 │ 18059 Rostock
Tel +49 381 49682-192
Fax +49 381 49682-12
konrad.jacobi at igp.fraunhofer.de
http://www.igp.fraunhofer.de
More information about the samba
mailing list