Samba: allow insecure wide links
allow insecure wide links:
In normal operation the option wide links which allows the server to follow symlinks outside of a share path is automatically disabled when unix extensions are enabled on a Samba server. This is done for security purposes to prevent UNIX clients creating symlinks to areas of the server file system that the administrator does not wish to export.
Setting allow insecure wide links to true disables the link between these two parameters, removing this protection and allowing a site to configure the server to follow symlinks (by setting wide links to "true") even when unix extensions is turned on.
According to manual setting allow insecure wide links = yes
should be enough to allow symlinks outside the shared path however it's not working for me unless I set unix extensions = no
.
testparm
is not even showing this variable?!
# testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[Public]"
Loaded services file OK.
Server role: ROLE_STANDALONE
[global]
workgroup = test
server string = SambaBox
syslog = 0
log file = /var/log/samba/smb.log
max log size = 50
smb ports = 139
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
load printers = No
printcap name = /dev/null
disable spoolss = Yes
show add printer wizard = No
idmap config * : backend = tdb
[Public]
comment = Public
path = /data/Public
valid users = smbguest
create mask = 0644
force create mode = 0644
force directory mode = 0755
map archive = No
wide links = Yes
Solution 1:
If you enabled wide link support but it does not work, SELINUX is probably blocking you.
Try to issue setenforce 0
and to retest your configuration. If it works, then you found your problem's source.
If this does not work, in [global] section add:
- wide links = yes
- allow insecure wide links = yes
- unix extensions = no
Than restart samba and re-try your test case.