From bd269443e311d96ef495a9db47d1b95eb83bb8f4 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 5 Feb 2010 15:20:18 -0800 Subject: Fix bug 7104 - "wide links" and "unix extensions" are incompatible. Change parameter "wide links" to default to "no". Ensure "wide links = no" if "unix extensions = yes" on a share. Fix man pages to refect this. Remove "within share" checks for a UNIX symlink set - even if widelinks = no. The server will not follow that link anyway. Correct DEBUG message in check_reduced_name() to add missing "\n" so it's really clear when a path is being denied as it's outside the enclosing share path. Jeremy. --- docs-xml/smbdotconf/misc/widelinks.xml | 13 +++++++++---- docs-xml/smbdotconf/protocol/unixextensions.xml | 3 +++ 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'docs-xml') diff --git a/docs-xml/smbdotconf/misc/widelinks.xml b/docs-xml/smbdotconf/misc/widelinks.xml index fb707c1950..1c30bb768a 100644 --- a/docs-xml/smbdotconf/misc/widelinks.xml +++ b/docs-xml/smbdotconf/misc/widelinks.xml @@ -9,10 +9,15 @@ server are always allowed; this parameter controls access only to areas that are outside the directory tree being exported. - Note that setting this parameter can have a negative - effect on your server performance due to the extra system calls - that Samba has to do in order to perform the link checks. + Note: Turning this parameter on when UNIX extensions are enabled + will allow UNIX clients to create symbolic links on the share that + can point to files or directories outside restricted path exported + by the share definition. This can cause access to areas outside of + the share. Due to this problem, this parameter will be automatically + disabled (with a message in the log file) if the + option is on. + -yes +no diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml index da9ad10a29..36e72d2a9f 100644 --- a/docs-xml/smbdotconf/protocol/unixextensions.xml +++ b/docs-xml/smbdotconf/protocol/unixextensions.xml @@ -10,6 +10,9 @@ by supporting features such as symbolic links, hard links, etc... These extensions require a similarly enabled client, and are of no current use to Windows clients. + + Note if this parameter is turned on, the + parameter will automatically be disabled. yes -- cgit