Accessing symbolic links through Samba results in access denied error.
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
Issue
- When attempting to access a symbolic link through a Samba share accessing the link will fail with an access denied error observed on the client.
Resolution
- Set the following parameter in
/etc/samba/smb.confunder theglobalsettings.
If using libsmbclient-3.0.33-3.37.el5 or newer:
[global]
follow symlinks = yes
unix extensions = no
wide links = yes
If using an older version of libsmbclient:
[global]
follow symlinks = yes
- Next, restart the
sambaservices to put the changes into effect:
# /etc/init.d/samba restart
Root Cause
- Newer versions of Samba require a modification to the Samba configuration file to allow symbolic links. This change and option was introduced to patch a security vulnerability which allowed users to access the machine via symbolic links.
follow symlinks (S)
This parameter allows the Samba administrator to stop smbd(8) from following
symbolic links in a particular share. Setting this parameter to no prevents
any file or directory that is a symbolic link from being followed (the user
will get an error). This option is very useful to stop users from adding a
symbolic link to /etc/passwd in their home directory for instance. However
it will slow filename lookups down slightly.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments