The Samba-Bugzilla – Bug 8318
Allowing wide links = yes and unix extensions = yes
Last modified: 2011-07-25 18:29:52 UTC
I read a lot about security concerns having led to the decision that Samba does not allow wide links=yes and unix extensions=yes. The ability of a client to read /etc/passwd is given as an example of the security problem that justifies smbd's code ignoring the admin's settings and turning off wide links.
BUT: Every user of a UNIX system can read /etc/passwd; being able to read this file is NOT a security problem, but part of UNIX's design!!!
If it is not a security problem, setting these two options this way should not be made impossible by the code. I have seen lots of postings from people having problems due to this code. I have even seen suggestions to allow this presumably insecure option at the admin's explicit will, but they have been rejected. The only (at least partially) useful tip to those admins was to change Samba's source code and remove this unwanted restriction.
UNIX systems have a long tradition of not kindergartening the admin, and I am sure a request to change chmod(1) or (2) to protect /etc/passwd from being chmod()ed to 777 would not make it into the Linux kernel nor into userland tools.
Re-assigning to Jeremy.
We already have a patch for this. I will evaluate for 3.6.1. It's too late to put into 3.6.0 final.
*** This bug has been marked as a duplicate of bug 8229 ***