blob: 29c25fcaa2cfc0944fa1a44cf7eba66d2b84eb9b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
<samba:parameter name="allow insecure wide links"
context="G"
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
In normal operation the option <smbconfoption name="wide links"/>
which allows the server to follow symlinks outside of a share path
is automatically disabled when <smbconfoption name="unix extensions"/>
are enabled on a Samba server. This is done for security purposes
to prevent UNIX clients creating symlinks to areas of the server
file system that the administrator does not wish to export.
</para>
<para>
Setting <smbconfoption name="allow insecure wide links"/> to
true disables the link between these two parameters, removing
this protection and allowing a site to configure
the server to follow symlinks (by setting <smbconfoption name="wide links"/>
to "true") even when <smbconfoption name="unix extensions"/>
is turned on.
</para>
<para>
It is not recommended to enable this option unless you
fully understand the implications of allowing the server to
follow symbolic links created by UNIX clients. For most
normal Samba configurations this would be considered a security
hole and setting this parameter is not recommended.
</para>
<para>
This option was added at the request of sites who had
deliberately set Samba up in this way and needed to continue
supporting this functionality without having to patch the
Samba code.
</para>
</description>
<value type="default">no</value>
</samba:parameter>
|
