diff options
author | Jeremy Allison <jra@samba.org> | 2011-09-13 16:42:09 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2011-09-14 03:55:45 +0200 |
commit | fbbfdbd64818252784e9ba2ab87af3a02bacde22 (patch) | |
tree | c1bc314c351dfe6bbfdfb4b7b27712e271430cb7 /docs-xml/smbdotconf | |
parent | 84a4289b5236e38ab0afc6ef3c784d202c6b3c2c (diff) | |
download | samba-fbbfdbd64818252784e9ba2ab87af3a02bacde22.tar.gz samba-fbbfdbd64818252784e9ba2ab87af3a02bacde22.tar.bz2 samba-fbbfdbd64818252784e9ba2ab87af3a02bacde22.zip |
Fix bug #8229 - git patch attached against 3.6.0-rc2 to fix 'widelinks' regression intro'd in 3.2
Add "allow insecure widelinks" to re-enable the ability (requested
by some sites) to have "widelinks = yes" and "unix extensions = yes".
Based on an original patch by Linda Walsh <samba@tlinx.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Sep 14 03:55:45 CEST 2011 on sn-devel-104
Diffstat (limited to 'docs-xml/smbdotconf')
-rw-r--r-- | docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml | 37 | ||||
-rw-r--r-- | docs-xml/smbdotconf/misc/widelinks.xml | 4 | ||||
-rw-r--r-- | docs-xml/smbdotconf/protocol/unixextensions.xml | 4 |
3 files changed, 45 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml b/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml new file mode 100644 index 0000000000..a8a099190b --- /dev/null +++ b/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml @@ -0,0 +1,37 @@ +<samba:parameter name="allow insecure wide links" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + In normal operation the option <smbconfoption name="wide links"/> + which allows the server to follow symlinks outside of a share path + is automatically disabled when <smbconfoption name="unix extensions"/> + are enabled on a Samba server. This is done for security purposes + to prevent UNIX clients creating symlinks to areas of the server + file system that the administrator does not wish to export. + </para> + <para> + Setting <smbconfoption name="allow insecure wide links"/> to + true disables the link between these two parameters, removing + this protection and allowing a site to configure + the server to follow symlinks (by setting <smbconfoption name="wide links"/> + to "true") even when <smbconfoption name="unix extensions"/> + is turned on. + </para> + <para> + If is not recommended to enable this option unless you + fully understand the implications of allowing the server to + follow symbolic links created by UNIX clients. For most + normal Samba configurations this would be considered a security + hole and setting this parameter is not recommended. + </para> + <para> + This option was added at the request of sites who had + deliberately set Samba up in this way and needed to continue + supporting this functionality without having to patch the + Samba code. + </para> +</description> +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/misc/widelinks.xml b/docs-xml/smbdotconf/misc/widelinks.xml index 1c30bb768a..da1374afab 100644 --- a/docs-xml/smbdotconf/misc/widelinks.xml +++ b/docs-xml/smbdotconf/misc/widelinks.xml @@ -17,6 +17,10 @@ disabled (with a message in the log file) if the <smbconfoption name="unix extensions"/> option is on. </para> + <para> + See the parameter <smbconfoption name="allow insecure wide links"/> + if you wish to change this coupling between the two parameters. + </para> </description> <value type="default">no</value> diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml index d816648836..61a39cb763 100644 --- a/docs-xml/smbdotconf/protocol/unixextensions.xml +++ b/docs-xml/smbdotconf/protocol/unixextensions.xml @@ -14,6 +14,10 @@ Note if this parameter is turned on, the <smbconfoption name="wide links"/> parameter will automatically be disabled. </para> + <para> + See the parameter <smbconfoption name="allow insecure wide links"/> + if you wish to change this coupling between the two parameters. + </para> </description> <value type="default">yes</value> |