[opensuse] Re: SV: How do I make smbd to follow symlinks?
Anders Norrbring wrote:
On Mon, 2011-06-27 at 10:41 +0200, Anders Norrbring wrote:
Hi.. I’m trying to make smbd to follow symlinks on a machine based on openSUSE 11.4 x86_64, in my smb.conf I have this for the share in question:
(a) this is a bad idea (b) man smb.conf --> "wide links"
<QUOTE> This parameter controls whether or not links in the UNIX file system may be followed by the server. Links that point to areas within the directory tree exported by the server are always allowed; this parameter controls access only to areas that are outside the directory tree being exported. </QUOTE>
The symlink does point outside the exported tree. The export is /srv/www and the symlink is /srv/www/homes which points to /home Anyway, I tried setting this in the global section: unix extensions = no follow symlinks = yes as well as follow symlinks = yes in the share config. I still can't access the symlinked directory from /srv/www so the question is if there's a bug in openSUSE's implementation of the samba server. Read Adam's email again.
You need wide links = yes as well. Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 6/27/2011 11:27 AM, Joachim Schrod wrote:
Anders Norrbring wrote:
On Mon, 2011-06-27 at 10:41 +0200, Anders Norrbring wrote:
Hi.. I’m trying to make smbd to follow symlinks on a machine based on openSUSE 11.4 x86_64, in my smb.conf I have this for the share in question:
(a) this is a bad idea (b) man smb.conf --> "wide links"
<QUOTE> This parameter controls whether or not links in the UNIX file system may be followed by the server. Links that point to areas within the directory tree exported by the server are always allowed; this parameter controls access only to areas that are outside the directory tree being exported. </QUOTE>
The symlink does point outside the exported tree. The export is /srv/www and the symlink is /srv/www/homes which points to /home Anyway, I tried setting this in the global section: unix extensions = no follow symlinks = yes as well as follow symlinks = yes in the share config. I still can't access the symlinked directory from /srv/www so the question is if there's a bug in openSUSE's implementation of the samba server. Read Adam's email again.
You need wide links = yes as well.
Joachim
Wide links = Yes was the default until about this time last year. There there was a huge hubbub on the net about a claimed zero-day exploit of /etc/passwd which Samba.org mentioned here: http://www.samba.org/samba/news/symlink_attack.html Samba changed the default, but I still fail to see how simple read access to /etc/passwd is a big deal. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Anders Norrbring wrote:
On Mon, 2011-06-27 at 10:41 +0200, Anders Norrbring wrote:
Hi.. I’m trying to make smbd to follow symlinks on a machine based on openSUSE 11.4 x86_64, in my smb.conf I have this for the share in question:
(a) this is a bad idea (b) man smb.conf --> "wide links"
<QUOTE> This parameter controls whether or not links in the UNIX file system may be followed by the server. Links that point to areas within the directory tree exported by the server are always allowed; this parameter controls access only to areas that are outside the directory tree being exported. </QUOTE>
The symlink does point outside the exported tree. The export is /srv/www and the symlink is /srv/www/homes which points to /home Anyway, I tried setting this in the global section: unix extensions = no follow symlinks = yes as well as follow symlinks = yes in the share config. I still can't access the symlinked directory from /srv/www so the question is if there's a bug in openSUSE's implementation of the samba server. Read Adam's email again.
You need wide links = yes as well.
Joachim
I've tried that, it doesn't doa ny good. I've tested using it both in the global section (recognized) and in the share section (error, should be used in the global section). It seems like I'm in a deadlock, perhaps I should post a bugzilla report? It doesn't work in any version after 11.1, the latest I've tried is 12.1 MS2. Anders. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hello, On Mon, 27 Jun 2011, Anders Norrbring wrote:
Anders Norrbring wrote: [..]
The symlink does point outside the exported tree. The export is /srv/www and the symlink is /srv/www/homes which points to /home [..] I've tried that, it doesn't doa ny good. I've tested using it both in the global section (recognized) and in the share section (error, should be used in the global section).
Try a bind-mount, e.g. in your fstab: /dev/... /home ... /home /srv/www/homes none bind HTH, -dnh -- / panic("Foooooooood fight!"); \ \ -- /usr/src/linux/drivers/scsi/aha1542.c / -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (4)
-
Anders Norrbring -
David Haller -
Joachim Schrod -
John Andersen