Does KSMBD support Symbolic Links (symlinks)? #483
Comments
@m-sataraddi Thanks for your check :) Yes, as you said, symlink support has been removed from the upstream process due to possible security issues. But we can start working to support it again. There are other important works to me, but if symlink support is a higher priority, it may depend on what product you use the ksmbd server for and how important it is.
Our plan is to install KSMBD into an Android product (not just for POC).
@m-sataraddi Okay, let me check it. Can you send me more information for your product? (linkinjeon@kernel.org)
Hi @namjaejeon
Having symlink support for SMB Shares would be a nice feature, for your average Linux end-user as well. I use it heavily, daily. Use case: I can have 10 different smb shares organized with different content. Of the content populated across all the shares, there's one identifier; like say [PRIMARY] And all symlinks put under
Samba server supports the "allow insecure wide links" setting, which specifically allows all symlinks even to point outside of the share tree. As such there are scenarios where that is not a problem, or in fact desirable, and the user should be given an option to enable that. It is not a good choice to remove the feature entirely just because it can implement one of Samba's included features, even if one disabled by default. Just include that too, and disable by default, why cut useful functions out entirely. Side note: another attempt to deploy ksmbd instead of Samba, another failure and postponement, now because of this.
The Samba team strongly wanted to remove this feature for security issues. Can you tell me what client you use for symlinks? cifs.ko?
Interesting, can you elaborate more? Deploy?
I am root on both the client and the server, and there are no other clients. It is not always that "security" is even required, there are cases when it is not a consideration, and it should not be the cause of entirely sacrificing functionality or convenience. As in this case: function was removed, not disabled. At least it is good to have a way to explicitly enable such features.
Nothing big, just meant it would be nice to drop-in replace Samba with KSMBD on all my machines and gain the improved efficiency and performance, but each time something prevents that in one way or another.
I am asking which SMB client you use to access symlinks: cifs.ko in the Linux kernel or Samba's smbclient?
Yes, just mounting with the kernel.
Okay, I will check symlink support in ksmbd.
Dear Mr. Namjae Jeon,
Context: We are enabling the KSMBD server on the Android platform and trying to support a few use cases. This requires symbolic link (symlink) support.
=============================================
1). By default, it looks like symbolic links are NOT supported in KSMBD now. We tested the following, and accessing symbolic link files from the client is NOT working:
a). [KSMBD Server on Linux]:
In /etc/samba/smb.conf, following share is defined.
[ManjuShare]
comment = Samba with KSMBD Kernel Server on Ubuntu
path = /home/test/manjunath
read only = No
KSMBD Server is running:
sudo service ksmbd status
ksmbd.service - ksmbd userspace daemon
Loaded: loaded (/lib/systemd/system/ksmbd.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2024-04-17 17:44:28 IST; 28s ago
Process: 30769 ExecStartPre=/sbin/modprobe ksmbd (code=exited, status=0/SUCCESS)
Process: 30770 ExecStart=/usr/sbin/ksmbd.mountd -s (code=exited, status=0/SUCCESS)
Main PID: 30770 (code=exited, status=0/SUCCESS)
Tasks: 2 (limit: 9340)
Memory: 576.0K
CPU: 11ms
CGroup: /system.slice/ksmbd.service
├─30772 /usr/sbin/ksmbd.mountd -s
└─30773 /usr/sbin/ksmbd.mountd -s
Apr 17 17:44:28 lin2030066179 systemd[1]: Starting ksmbd userspace daemon...
Apr 17 17:44:28 lin2030066179 systemd[1]: Finished ksmbd userspace daemon.
KSMBD Server is listening on port 445:
netstat -pulnt | grep -i 445
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp6 0 0 :::445 ::: LISTEN -
tcp6 0 0 :::445 ::: LISTEN -
tcp6 0 0 :::445 ::: LISTEN -
tcp6 0 0 :::445 ::: LISTEN -
tcp6 0 0 :::445 ::: LISTEN -
myfile-sym.txt is a symlink of /test/myfile.txt
ls -las
total 12
4 drwxrwxrwx 3 test test 4096 Apr 17 15:37 .
4 drwxr-x--- 44 test test 4096 Apr 17 15:52 ..
0 lrwxrwxrwx 1 test test 41 Apr 17 15:37 myfile-sym.txt -> /home/test/manjunath/test/myfile.txt
4 drwxrwxr-x 2 test test 4096 Apr 17 15:36 test
[Mount with CIFS option on other Linux Machine]:
sudo mount -t cifs //107.99.235.8/ManjuShare -o username=test,password=srib@123 /mnt/ManjuShare/
cd /mnt/ManjuShare/
ls -las
ls: cannot read symbolic link 'myfile-sym.txt': Operation not supported
total 4
0 drwxr-xr-x 2 root root 0 Apr 17 15:37 .
4 drwxr-xr-x 8 root root 4096 Apr 17 15:58 ..
0 lrwxr-xr-x 1 root root 41 Apr 17 15:37 myfile.txt
0 drwxr-xr-x 2 root root 0 Apr 17 15:36 test
Accessing myfile-sym.txt (symlink file) fails:
cat myfile-sym.txt
cat: myfile-sym.txt: Permission denied
Accessing the original file works:
cat test/myfile.txt
myfile
2). Upon further checking, in the link below, it's mentioned that: "This patch remove symlink support that can be vulnerable and access out of share, and we re-implement it as reparse point later."
https://lore.kernel.org/all/CAH2r5muaUWci4rfOqYhv+p8NO7rKLSg5Y3WgoJnBa9fL8YD0GQ@mail.gmail.com/T/
2a). We would like to know whether symlinks are supported in the latest KSMBD releases.
2b). If symlinks are supported or re-implemented as 'reparse point', then let us know whether this feature is present in the latest release.
If yes, then please share some details about how to use this.
2c). If symlinks are NOT supported till now, then let us know if there is a plan to support them and by when.
=============================================
Note: We observed that the Linux Samba server supports symlinks as regular files.
Clients can access those symlink files as regular files on their side.
Thank you.
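
An added example, not part of the original thread or of ksmbd's code: the concern quoted in item 2 is a symlink whose target resolves outside the exported share. This Python script, run on the server's filesystem, classifies every symlink under a share root by where it finally resolves; the function names and the constructed demo tree (modelled on the `myfile-sym.txt` layout above, plus a sibling `share-private` directory) are assumptions.

```python
import os
import tempfile

def classify_symlinks(share_root):
    """Map each symlink under share_root (relative path) to
    'inside', 'outside' or 'dangling', judged by its fully resolved target."""
    root = os.path.realpath(share_root)
    report = {}
    # followlinks=False: list directory symlinks but never descend through them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)  # resolves every hop of a chain
            # Compare whole path components; a plain string-prefix test would
            # wrongly accept a sibling such as "<root>-private".
            if os.path.commonpath([root, target]) != root:
                verdict = "outside"
            elif not os.path.exists(target):
                verdict = "dangling"
            else:
                verdict = "inside"
            report[os.path.relpath(link, root)] = verdict
    return report

def build_demo_tree(base):
    """Constructed sample layout, modelled on the share in the report."""
    share = os.path.join(base, "share")
    private = os.path.join(base, "share-private")
    os.makedirs(os.path.join(share, "test"))
    os.makedirs(private)
    for path in (os.path.join(share, "test", "myfile.txt"),
                 os.path.join(private, "secret.txt")):
        with open(path, "w") as fh:
            fh.write("sample\n")
    # Absolute link that stays inside the share, as in the report.
    os.symlink(os.path.join(share, "test", "myfile.txt"),
               os.path.join(share, "myfile-sym.txt"))
    os.symlink("test", os.path.join(share, "dir-link"))
    os.symlink("../share-private/secret.txt", os.path.join(share, "escape.txt"))
    os.symlink("missing.txt", os.path.join(share, "broken.txt"))
    return share

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for link, verdict in sorted(classify_symlinks(build_demo_tree(base)).items()):
            print(f"{verdict:9} {link}")
```

Links reported as `outside` are the ones a server that follows symlinks without a containment check would expose beyond the share path.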