summaryrefslogtreecommitdiff
path: root/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml
blob: a8a099190bc00efcac4e28a5952dd11af4255b3f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
<samba:parameter name="allow insecure wide links"
		context="G"
		type="boolean"
		xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
	<para>
	In normal operation the option <smbconfoption name="wide links"/>
	which allows the server to follow symlinks outside of a share path
	is automatically disabled when <smbconfoption name="unix extensions"/>
	are enabled on a Samba server. This is done for security purposes
	to prevent UNIX clients creating symlinks to areas of the server
	file system that the administrator does not wish to export.
	</para>
	<para>
	Setting <smbconfoption name="allow insecure wide links"/> to
	true disables the link between these two parameters, removing
	this protection and allowing a site to configure
	the server to follow symlinks (by setting <smbconfoption name="wide links"/>
	to "true") even when <smbconfoption name="unix extensions"/>
	is turned on.
	</para>
	<para>
	If is not recommended to enable this option unless you
	fully understand the implications of allowing the server to
	follow symbolic links created by UNIX clients. For most
	normal Samba configurations this would be considered a security
	hole and setting this parameter is not recommended.
	</para>
	<para>
	This option was added at the request of sites who had
	deliberately set Samba up in this way and needed to continue
	supporting this functionality without having to patch the
	Samba code.
	</para>
</description>
<value type="default">no</value>
</samba:parameter>