State of unix extensions and symlink support
Kees van Vloten
keesvanvloten at gmail.com
Thu Feb 1 20:37:16 UTC 2024
On 01-02-2024 21:09, Jeremy Allison via samba-technical wrote:
> On Thu, Feb 01, 2024 at 08:41:14PM +0100, lukaro via samba-technical
> wrote:
>> You're right, mfsymlinks is a workaround, but I need the symlinks to
>> be symlinks
>> on the Server as well.
>
> That creates a *HUGE* security problem and a rich source
> of future CVE'. Samba will likely by default not implement
> server-side symlinks created from an SMB3 client.
>
Does the issue include relative symlinks within the share?
The usecase I have in mind is this one: I have a git repo that contains
symlinks. The repo is cloned in a path in my homedir (currently shared
nfs from the server /home). Now when I ssh into the server I can still
see and use the exact same git repo tree and follow the symlinks it
contains.
Would I use smb3 the cloned repo on my client is unix usable, but the
same file tree on the server contains unusable reparse-points, i.e. the
server view of my repo is completely useless. Not nice!
I do understand the security concerns, though, but it would be nice if
there would be a way to be able to get the same unix-like dir-tree
everywhere.
With the above restrictions, the only way I could see this happening is
to use a third location which is then smb-mounted in both places, i.e. :
smb.conf: [homes] path=/smbshares/homedirs
server: mount smb:/homes /home
client: : mount smb:/homes /home
With this setup reparse-points are parsed correctly, both on the client
and on server for the /home/<userA>/<more subdirs here> path.
- Kees.
More information about the samba-technical
mailing list