Here’s an example of how relevant parts of your /etc/samba/smb. To get symlinks to actually work, set this parameter in the section of your /etc/samba/smb.conf file: So far we have only fixed a security hole. This way, an attacker cannot create soft links in shares that follow symlinks (because of the read-only parameter) and a soft link to /etc/passwd created in a share with write permissions will not resolve to the remote host’s /etc/passwd file (because the share will not follow symlinks): Instead, only set them for individual shares AND ONLY IN CONJUNCTION WITH the parameter read only = yes Finally, disable symlinks for all your shares with write access like so: in the section of your /etc/samba/smb.conf file). To re-enable the symlink functionality and still provide some defence against possible exploits, do not set these two options globally (i.e. This is very inconvenient because symlinks are very useful and simply turning them off is a sloppy way of dealing with a security hole this serious. ![]() The samba developers’ response was to simply turn these options off by default. So an attacker can use a linux client to create a soft link to /etc/paswd (or some other sensitive system file) in a remote share and use a windows client to download a copy of the remote host’s passwd file… very bad. The /home/docs/ from PCserver is mounted in PCclient. I perform sudo mount -f cifs with the necessary parameters, and everything works okay. This was in response to an exploit posted on youtube that allowed /etc/passwd to be downloaded from a remote server if these two parameters are set globally:Īpparently, if a symlink to /etc/passwd is created in a share with these two options set, linux clients will resolve it to the local machine but windows clients will resolve it to the remote host… bad. I am mounting a directory, e.g., /home/docs/ from PCserver to PCclient using the SAMBA share in Linux. I googled a little and found out the samba developers updated samba early last year to not follow symlinks by default. I'd love to have PhpStorm reading the symlinks but I understand that refactoring the complete full PhpStorm architecture "just because another vendor has a bug" is probably not a possibility while doing P9 file server work mainly as a samba file server (see the xrefs above) seems much more "feasible".I tried to use a symlink in a samba share this afternoon and got the following error: I also faced this and asked here and saw there's a bug already open in the WSL repo here ĪFAIK the reason by which VsCode "seems" to be understanding the symlinks is because it's not "fully running" on the windows side, but it seems to be a client-server structure and in the windows side have only a "frontend" connected to a "remote core" which is natively running in the WSL2 linux, so, the "VsCode" itself "is seeing" the linux symlinks because it really runs on the linux side and only "sends" the info to the frontend. Just open `\\wsl$` from the explorer, or from a CMD or gitbash or whatever and you'll see all the symlinks failing. ![]() You can check that it is not that "PhpStorm" cannot open the symlinks but that "nobody" (even "VsCode" -see later-) nobody from the windows side can open the symlinks. This is a bug of the WSL2 subsystem, particularly in the P9 file server. contains runtime configuration information for the Samba programs. file is a configuration file for the Samba suite. If using libsmbclient-3.0.33-3.37. smb.conf The configuration file for the Samba suite. ![]() I believe that with the change of Microsoft's direction to support Windows as a development platform, WSL2 should be natively integrated in Jetbrains products so that it can provide an equivalent development experience between Linux and Windows on an overall great product.įeel free to sugget any solutions to the symlink problem! Once part of the domain, install the following packages: sudo apt-get install samba smbfs smbclient Since the likewise-open and samba packages use separate. Set the following parameter in /etc/samba/smb.conf under the global settings. ![]() Is there a way to fix this, or if not, is it an issue that is going to be tackled soon? VSCode works out of the box with WSL2 integration and symlinks etc. Everything works fine with the Run/Debug configuration since it is natively using WSL, but in the project files IDEA cannot understand symlink to folders. The problem is that the project contains symlinks. I have also switched the terminal to use wsl.exe so that I can have direct access to any Linux functionality I am used to having while developing on Linux. I am running some NodeJS projects on WSL2 with WSL Node interpreter and they work fine. After all the storm with WSL2! in (Windows 10 2004) I decided to give development on Windows an other chance.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |