mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
64b720d284
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
38 lines
1.5 KiB
XML
38 lines
1.5 KiB
XML
<samba:parameter name="allow insecure wide links"
|
|
context="G"
|
|
type="boolean"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>
|
|
In normal operation the option <smbconfoption name="wide links"/>
|
|
which allows the server to follow symlinks outside of a share path
|
|
is automatically disabled when <smbconfoption name="unix extensions"/>
|
|
are enabled on a Samba server. This is done for security purposes
|
|
to prevent UNIX clients creating symlinks to areas of the server
|
|
file system that the administrator does not wish to export.
|
|
</para>
|
|
<para>
|
|
Setting <smbconfoption name="allow insecure wide links"/> to
|
|
true disables the link between these two parameters, removing
|
|
this protection and allowing a site to configure
|
|
the server to follow symlinks (by setting <smbconfoption name="wide links"/>
|
|
to "true") even when <smbconfoption name="unix extensions"/>
|
|
is turned on.
|
|
</para>
|
|
<para>
|
|
If is not recommended to enable this option unless you
|
|
fully understand the implications of allowing the server to
|
|
follow symbolic links created by UNIX clients. For most
|
|
normal Samba configurations this would be considered a security
|
|
hole and setting this parameter is not recommended.
|
|
</para>
|
|
<para>
|
|
This option was added at the request of sites who had
|
|
deliberately set Samba up in this way and needed to continue
|
|
supporting this functionality without having to patch the
|
|
Samba code.
|
|
</para>
|
|
</description>
|
|
<value type="default">no</value>
|
|
</samba:parameter>
|