[Pkg-samba-maint] Bug#866823: Bug#866823: samba: does not follow symbolic links
Mathieu Parent
math.parent at gmail.com
Mon Nov 23 09:12:03 GMT 2020
Hi,
Le lun. 23 nov. 2020 à 09:48, Ritesh Raj Sarraf <rrs at debian.org> a écrit :
>
> Package: samba
> Version: 2:4.13.2+dfsg-3
> Followup-For: Bug #866823
>
> So "follow symlinks" feature seems to have been broken in the latest
> upload of samba, version 2:4.13.2+dfsg-3.
>
> The current version in testing, 2:4.12.5+dfsg-3, did not have this
> problem and I was happiliy using the "follow symlinks" feature so far.
>
> Given the dependency on python3, which now transitioned to 3.9, I can't
> downgrade to the previous version.
>
> The (insecure) workaround mentioned in this bug report, that of:
>
> # For symlink hack
> wide links = yes
> allow insecure wide links = yes
>
>
> makes it work again.
Do you have path=/ ?
Also, from the 4.13 WHATSNEW.txt:
> wide links functionality
> ------------------------
>
> For this release, the code implementing the insecure "wide links = yes"
> functionality has been moved out of the core smbd code and into a separate
> VFS module, vfs_widelinks. Currently this vfs module is implicitly loaded
> by smbd as the last but one module before vfs_default if "wide links = yes"
> is enabled on the share (note, the existing restrictions on enabling wide
> links around the SMB1 "unix extensions" and the "allow insecure wide links"
> parameters are still in force). The implicit loading was done to allow
> existing users of "wide links = yes" to keep this functionality without
> having to make a change to existing working smb.conf files.
>
> Please note that the Samba developers recommend changing any Samba
> installations that currently use "wide links = yes" to use bind mounts
> as soon as possible, as "wide links = yes" is an inherently insecure
> configuration which we would like to remove from Samba. Moving the
> feature into a VFS module allows this to be done in a cleaner way
> in future.
>
> A future release to be determined will remove this implicit linkage,
> causing administrators who need this functionality to have to explicitly
> add the vfs_widelinks module into the "vfs objects =" parameter lists.
> The release notes will be updated to note this change when it occurs.
Can't you use bind mounts?
Regards
Mathieu Parent
More information about the Pkg-samba-maint
mailing list