1 files changed, 37 insertions, 0 deletions

diff --git a/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml b/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml
new file mode 100644
index 0000000..29c25fc
--- /dev/null
+++ b/docs-xml/smbdotconf/misc/allowinsecurewidelinks.xml
@@ -0,0 +1,37 @@
+<samba:parameter name="allow insecure wide links"
+                 context="G"
+                 type="boolean"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>
+	In normal operation the option <smbconfoption name="wide links"/>
+	which allows the server to follow symlinks outside of a share path
+	is automatically disabled when <smbconfoption name="unix extensions"/>
+	are enabled on a Samba server. This is done for security purposes
+	to prevent UNIX clients creating symlinks to areas of the server
+	file system that the administrator does not wish to export.
+	</para>
+	<para>
+	Setting <smbconfoption name="allow insecure wide links"/> to
+	true disables the link between these two parameters, removing
+	this protection and allowing a site to configure
+	the server to follow symlinks (by setting <smbconfoption name="wide links"/>
+	to "true") even when <smbconfoption name="unix extensions"/>
+	is turned on.
+	</para>
+	<para>
+	It is not recommended to enable this option unless you
+	fully understand the implications of allowing the server to
+	follow symbolic links created by UNIX clients. For most
+	normal Samba configurations this would be considered a security
+	hole and setting this parameter is not recommended.
+	</para>
+	<para>
+	This option was added at the request of sites who had
+	deliberately set Samba up in this way and needed to continue
+	supporting this functionality without having to patch the
+	Samba code.
+	</para>
+</description>
+<value type="default">no</value>
+</samba:parameter>