Samba Question (symlinks)

David Turley davitur at
Wed Mar 10 18:29:28 MST 2010


I have had a local samba server set up for a while (Debian/Etch).  I
recently upgraded my samba to the latest version, and now my "symlinks" are
access denied.  I believe this is tied to the "Wide Links" zero day exploit
fix that the samba team put out.  However, I can't seem to undo it with a
"wide links = yes" command in the smb.conf file.  The way I have been doing
it has been working for the last two years -- so I'm scratching my head now.

My samba is configured so that when they log into the "client" area, they are
dropped into the directory:
/srv/client/[machine name]

Inside specific [machine name] directories is a symlink to /srv/common if
that machine is to have access to the common files.


=== [ Here is my smb.conf file: ] ===

   workgroup = WORKGROUP
   netbios name = USURPER
   remote announce =
   browseable = yes
   time server = yes
   follow symlinks = yes
   server string = %L server (%h hosted)
   wins support = yes
   dns proxy = yes
   name resolve order = lmhosts host wins bcast
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   guest account = nobody
   invalid users = root
   browseable = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
   socket options = TCP_NODELAY

#======================= Share Definitions =======================

   comment = Home Directories
   browseable = no
   writable = no
   create mask = 0700
   directory mask = 0700
   valid users = %S

   comment = All Printers
   browseable = yes
   path = /var/spool/samba
   printable = yes
   public = yes
   writable = no
   create mode = 0700
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = yes
  comment = Public Serverspace
  browseable = yes
  path = /pub
  writeable = yes
  public = yes
  directory mode = 0777
  comment = Client Machine Serverspace
  public = no
  browseable = yes
  path = /srv/client/%m
  writeable = yes
  directory mode = 0777
  wide links = yes
  preexec = mkdir /srv/client/%m ; touch /srv/client/%m/hello-%m
  comment = Music for the masses
  public = yes
  browseable = yes
  path = /srv/music
  writeable = yes
  directory mode = 0777

