--- /dev/null
+<samba:parameter name="allow insecure wide links"
+ context="G"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ In normal operation the option <smbconfoption name="wide links"/>
+ which allows the server to follow symlinks outside of a share path
+ is automatically disabled when <smbconfoption name="unix extensions"/>
+ are enabled on a Samba server. This is done for security purposes
+ to prevent UNIX clients creating symlinks to areas of the server
+ file system that the administrator does not wish to export.
+ </para>
+ <para>
+ Setting <smbconfoption name="allow insecure wide links"/> to
+ true disables the link between these two parameters, removing
+ this protection and allowing a site to configure
+ the server to follow symlinks (by setting <smbconfoption name="wide links"/>
+ to "true") even when <smbconfoption name="unix extensions"/>
+ is turned on.
+ </para>
+ <para>
+ If is not recommended to enable this option unless you
+ fully understand the implications of allowing the server to
+ follow symbolic links created by UNIX clients. For most
+ normal Samba configurations this would be considered a security
+ hole and setting this parameter is not recommended.
+ </para>
+ <para>
+ This option was added at the request of sites who had
+ deliberately set Samba up in this way and needed to continue
+ supporting this functionality without having to patch the
+ Samba code.
+ </para>
+</description>
+<value type="default">no</value>
+</samba:parameter>
git.samba.org / ira / wip.git / blobdiff