On Wed, Mar 03, 2010 at 01:58:58PM -0500, Brother Railgun of Reason wrote: > This can be interpreted either of two ways. Do you mean that you think > users should not be able to *enable* following wide symlinks (which I > understand to mean symbolic links whose target is located outside the > share), or should not be able to *disable* it?
Users should not be able to enable following wide symlinks if "unix extensions = yes" (which means that symlinks can be dynamically created by clients). That's the basis of the security problem. If you want to allow both following wide symlinks and arbitrary client creation of symlinks then you need to change the code and recompile, as the combination is inherently unsafe. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
