I know this is an unusual scenario: sharing the entire filesystem ("/"). But it was working with 4.3.8, and broke sometime after, perhaps with the CVE-2017-2619 fixes since this involves symlinks and there were a few regressions with that particular CVE.

For the test I used 4.6.5 with the patch for bug #12860.

This is the smb.conf:

[global]
    server string = %h server (Samba, Ubuntu)
    netbios name = xenial
    server role = standalone server
    map to guest = Bad User
    obey pam restrictions = Yes
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    dns proxy = No
    usershare allow guests = Yes
    panic action = /usr/share/samba/panic-action %d
    idmap config * : backend = tdb

[rootfs]
    path = /
    follow symlinks = yes
    wide links = no
    read only = no
    guest ok = no
    browseable = yes

/opt has this:

root@xenial-samba-rootfs:~# ls -lah /opt
total 5.0K
drwxr-xr-x 3 root root 6 Jul 3 20:01 .
drwxr-xr-x 22 root root 22 Jun 19 23:52 ..
-rw-r--r-- 1 root root 6 Jul 3 20:01 file.txt
lrwxrwxrwx 1 root root 16 Jul 3 20:01 symlink-to-directory -> target-directory
lrwxrwxrwx 1 root root 8 Jul 3 20:01 symlink-to-file -> file.txt
drwxr-xr-x 2 root root 2 Jul 3 20:01 target-directory

This worked with 4.3.8 without the CVE-2017-2619 patch:

root@xenial-samba-rootfs:~# smbclient //localhost/rootfs -U ubuntu%ubuntu -m SMB2 -c "dir /opt/symlink-to-directory/*"
WARNING: The "syslog" option is deprecated
Domain=[XENIAL] OS=[] Server=[]
  . D 0 Mon Jul 3 20:01:36 2017
  .. D 0 Mon Jul 3 20:01:49 2017

    244825344 blocks of size 1024. 244392448 blocks available

root@xenial-samba-rootfs:~# smbclient //localhost/rootfs -U ubuntu%ubuntu -m SMB2 -c "get \opt\symlink-to-file"
WARNING: The "syslog" option is deprecated
Domain=[XENIAL] OS=[] Server=[]
getting file \opt\symlink-to-file of size 6 as \opt\symlink-to-file (5.9 KiloBytes/sec) (average 5.9 KiloBytes/sec)

But it fails with 4.3.11 + CVE patches, and also 4.6.5 with the patch for bug #12860:

root@xenial-samba-rootfs:~# smbclient //localhost/rootfs -U ubuntu%ubuntu -m SMB2 -c "dir /opt/symlink-to-directory/*"
WARNING: The "syslog" option is deprecated
Domain=[XENIAL] OS=[] Server=[]
NT_STATUS_ACCESS_DENIED listing \opt\symlink-to-directory\*

root@xenial-samba-rootfs:~# smbclient //localhost/rootfs -U ubuntu%ubuntu -m SMB2 -c "get \opt\symlink-to-file"
WARNING: The "syslog" option is deprecated
Domain=[XENIAL] OS=[] Server=[]
NT_STATUS_ACCESS_DENIED opening remote file \opt\symlink-to-file

Looks like this issue is fixed as a side effect of b886a9443d49f6e27fa3863d87c9e24d12e62874 s3/smbd: let non_widelink_open() chdir() to directories directly.
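
An added illustration, not part of the original report, not Samba source and not a diagnosis of this bug: the behaviour the report expects from "follow symlinks = yes" with "wide links = no" is that a symlink is followed only when its resolved target stays inside the share path, including when the share path is "/". The function names, the temporary directory layout and the extra symlink-outside entry are assumptions made for the example.

```python
# Added illustration; not Samba source. All names are hypothetical.
import os
import tempfile


def within_share(share_root: str, resolved: str) -> bool:
    """True if canonical path `resolved` is the share root or lies beneath it."""
    root = share_root.rstrip("/") or "/"
    if root == "/":
        # Share path "/": every absolute path is inside. A check that only
        # looks for "/" right after the root prefix would reject "/opt/...".
        return resolved.startswith("/")
    # Component boundary: "/srv/share" must not match "/srv/share2".
    return resolved == root or resolved.startswith(root + "/")


def link_allowed(share_root: str, rel_path: str) -> bool:
    """Resolve rel_path inside the share and apply the containment test."""
    root = os.path.realpath(share_root)
    target = os.path.realpath(os.path.join(root, rel_path.lstrip("/")))
    return within_share(root, target)


def demo() -> dict:
    """Build a constructed copy of the report's /opt layout and test it."""
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")
        opt = os.path.join(share, "opt")
        os.makedirs(os.path.join(opt, "target-directory"))
        os.makedirs(os.path.join(tmp, "share2"))  # sibling outside the share
        with open(os.path.join(opt, "file.txt"), "w") as fh:
            fh.write("hello\n")
        os.symlink("target-directory", os.path.join(opt, "symlink-to-directory"))
        os.symlink("file.txt", os.path.join(opt, "symlink-to-file"))
        os.symlink("../../share2", os.path.join(opt, "symlink-outside"))
        names = ("symlink-to-directory", "symlink-to-file", "symlink-outside")
        return {n: link_allowed(share, "opt/" + n) for n in names}


if __name__ == "__main__":
    print(demo())
    print(within_share("/", "/opt/target-directory"))
```

Resolving a path and then opening it by name leaves a window in which the path can change, so a server also has to tie the check to the object it actually opens; this sketch covers only the containment logic.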