samba, stop being so selfish!

So not long ago I noticed that some of my samba shares weren’t working properly. By that, I mean, I could access the main share, but some of the subdirectories were giving me an “access denied” error when trying to traverse them. It was one of those things where it was just an annoyance that I didn’t have time to research and fix so I was just working around it in different ways.

A little digging into my shares I narrowed down the issue to only subdirectories that I had Symlinked to other directories not within the original folder. The link was fine, the Linux permissions were fine, as were the the settings in my smb.conf. Regardless, I still couldn’t access the symlinked subdirectories.

Off to google. The second link pointed to an ubuntu forums post where others were having the same issue. One of which had traced it back to a security news post on samba’s website. Apparently the default setting:

wide links = yes

is too much of a security risk and has now been changed to “no” unless you set it manually in the smb.conf. So to get my shares working properly again, I added the above as well as:

follow symlinks = yes

unix extensions = no

A “sudo service samba restart” and all is as it should be. Yay google! 🙂
  • joeblow

    This issue would affect anyone using something like MythTV's “mythpretty” script which can make plain English named symlinks to non-user owned video files inside non-user owned directories. I got bit by this one and just using “unix extensions = no” in my smb.conf file was enough to fix it.

  • What's selfish about Samba going out of its way to ensure your files are secure by default?

    • I was really just an amusing post subject. As in samba, the file sharing protocol wasn't sharing anymore (being selfish). It wasn't meant to imply the samba project team were selfish in any way.

  • Pingback: Tweets that mention leftyfb's Blog » Blog Archive » samba, stop being so selfish! --