The Samba-Bugzilla – Bug 7413
Fix for bug 7104 (disable widelinks) breaks existing configs
Last modified: 2010-05-07 02:20:24 UTC
If "unix extensions" is set to yes (which is unfortunately the default), then "wide links" is automatically disabled, wreaking havoc on existing configs. We had the case where suddenly domain logon scripts stopped working, because they were stored in a directory which was reached via a symlink.
In order to respect principle of "least surprise", wouldn't it make more sense to have this work the other way round, i.e. disable "unix extensions" if "wide links" is set? Or make the config file parser smart enough to track which of the 2 conflicting parameters ("wide links" or "unix extensions") has been specified explicitly, and let that one win.
Moreover, it would be useful if "unix extensions" could be specified by share, rather than globally.
Sorry. This was discussed on the list and it was decided to turn off wide links by default, to make sure Samba fails-safe.
unix extensions cannot be specified by share, due to protocol limitations.
Sorry this security fix caused you problems.
Well, I guess that means you missed the goal of failing safe.
Maybe, it's now time to re-evaluate the decision of disabling wide links instead of unix extensions?
Look, you can re-open this bug all you want, but we're not intending to revisit this issue without a large amount of user feedback that asks us to change this decision. Linux distribution security teams are happy and supportive of our decision. If you really want to change it you'll have to get support from other users on the mailing lists. That is the correct forum to express your displeasure, not this bug report.
This is the last time I will respond here. Take it to the lists please.