Bug 7413 - Fix for bug 7104 (disable widelinks) breaks existing configs
Summary: Fix for bug 7104 (disable widelinks) breaks existing configs
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: Config Files (show other bugs)
Version: unspecified
Hardware: Other Linux
: P3 major
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2010-05-06 16:39 UTC by samba
Modified: 2010-05-07 02:20 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description samba 2010-05-06 16:39:50 UTC
If "unix extensions" is set to yes (which is unfortunately the default), then "wide links" is automatically disabled, wreaking havoc on existing configs. We had the case where suddenly domain logon scripts stopped working, because they were stored in a directory which was reached via a symlink.

In order to respect principle of "least surprise", wouldn't it make more sense to have this work the other way round, i.e. disable "unix extensions" if "wide links" is set? Or make the config file parser smart enough to track which of the 2 conflicting parameters ("wide links" or "unix extensions") has been specified explicitly, and let that one win.

Moreover, it would be useful if "unix extensions" could be specified by share, rather than globally.
Comment 1 Jeremy Allison 2010-05-06 17:49:29 UTC
Sorry. This was discussed on the list and it was decided to turn off wide links by default, to make sure Samba fails-safe.

unix extensions cannot be specified by share, due to protocol limitations.

Sorry this security fix caused you problems.

Comment 2 samba 2010-05-07 01:47:49 UTC
Well, I guess that means you missed the goal of failing safe.

Maybe, it's now time to re-evaluate the decision of disabling wide links instead of unix extensions?
Comment 3 Jeremy Allison 2010-05-07 02:20:24 UTC
Look, you can re-open this bug all you want, but we're not intending to revisit this issue without a large amount of user feedback that asks us to change this decision. Linux distribution security teams are happy and supportive of our decision. If you really want to change it you'll have to get support from other users on the mailing lists. That is the correct forum to express your displeasure, not this bug report.

This is the last time I will respond here. Take it to the lists please.