'Re: [Samba] howto achieve 'hide unreadable' for msdfs symlinks'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    Re: [Samba] howto achieve 'hide unreadable' for msdfs symlinks
From:       Konrad Jacobi via samba <samba () lists ! samba ! org>
Date:       2024-04-18 9:29:04
Message-ID: 2e9acafe-45c5-416c-8e1d-51296da5fd33 () igp ! fraunhofer ! de
[Download RAW message or body]

[Attachment #2 (text/plain)]


Am 17.04.24 um 16:43 schrieb Kees van Vloten via samba:
> On 16-04-2024 16:21, Konrad Jacobi via samba wrote:
>> hi,
>> on a samba domain member file server i'm using dfs root shares with 
>> multiple msdfs symlinks pointing to other shares (on the same server), 
>> which works fine. These linked shares have different access rights, 
>> therefore a user might have access to one linked share but not to 
>> another.
>>
> Another option is to specify the dfsroot "links" completely in smb.conf, 
> like
> 
> [home]
>          msdfs root = yes
>          msdfs proxy = \fileserver\home
>          comment = Home directory
> 
> Although  it does not support the hiding you want, at least it does not 
> have requirements on the filesystem. Perhaps (@Jeremy) it is easier to 
> implement some hiding mechanism on top of this configuration?
> 
> - Kees.
> 
true. At server-level access based share enum works (access based share 
enum = yes), even with dfs proxy "shares".
One also could implement some netbios name based "virtual servers" via 
something like 'include = /etc/samba/smb.%L.conf'.
Both ways work at server level with shares enumeration but not at share 
level while enumerating folders or symlinks (what I need).

Does anyone know when or where "hide unreadable" kicks in? I still have 
some hope on my dirty "xattr security.NTACL on symlinks"-idea ;-)

Konrad

-- 
M. Sc. Konrad Jacobi

Fraunhofer-Institut für Großstrukturen in der Produktionstechnik IGP

Albert-Einstein-Straße 30 │ 18059 Rostock
Tel +49 381 49682-192
Fax +49 381 49682-12

konrad.jacobi@igp.fraunhofer.de
http://www.igp.fraunhofer.de


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

--===============0655676994494557916==--


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic