8.1 Filesystem Differences


One of the biggest issues Samba has to correct for is the difference between Unix and Microsoft filesystems. This includes items such as the handling of symbolic links, hidden files, and dot files. In addition, file permissions can be a headache if they are not properly accounted for.

8.1.1 Hiding and Vetoing Files

Sometimes you need to ensure that a user cannot see or access a file at all. Other times, you don't want to keep users from accessing a file; you just want to hide it when they view the contents of the directory. On Windows systems, a file attribute allows files to be hidden from a folder listing. With Unix, the traditional way of hiding files in a directory is to use a dot (.) as the first character of the filename. This prevents items such as configuration files from being seen when performing an ordinary ls command. Keeping a user from accessing a file at all, however, involves working with permissions on files and directories.

The first option we should discuss is the Boolean hide dot files. When it is set to yes, Samba reports files beginning with a period (.) as having their hidden attribute set. If the user has chosen to show all hidden files while browsing (e.g., using the Folder Options menu item under the View menu in Windows 98), he will still be able to see the files, although their icons will appear "ghosted," or slightly grayed out. If the client is configured not to show hidden files, the files will not appear at all.

Instead of simply hiding files beginning with a dot, you can also specify a string pattern to Samba for files to hide, using the hide files option. For example, let's assume you specified the following in our example [data] share:

 [data]
     hide files = /*.java/*README*/

Each entry for this option must begin, end, or be separated from another entry with a slash (/) character, even if only one pattern is listed. This convention allows spaces to appear in filenames. The slashes have nothing to do with Unix directories; they act only as delimiters between the hide files values.

If you want to prevent users from seeing files completely, you can instead use the veto files option. This option, which takes the same syntax as the hide files option, specifies a list of files that should never be seen by the user. For example, let's change the [data] share to the following:

 [data]
     veto files = /*.java/*README*/

The syntax of this option is identical to that of the hide files option: each entry must begin, end, or be separated from another entry with a slash (/) character, even if only one pattern is listed. With this setting, files that match a pattern, such as hello.java and README.txt, simply disappear from the directory, and the user cannot access them through SMB.

We need to address one other question. What happens if the user tries to delete a directory that contains vetoed files? This is where the delete veto files option comes in. If this Boolean option is set to yes, the user can delete both the regular files and the vetoed files in the directory, and the directory itself is removed. If the option is set to no, the user cannot delete the vetoed files, and consequently the directory is not deleted either. From the user's perspective, the directory appears empty but cannot be removed.

The dont descend directive specifies a list of directories whose contents Samba should not make visible. Note that we say contents, not the directory itself. Users can enter a directory marked this way, but they are prohibited from descending the directory tree any farther; they always see an empty folder. For example, let's use this option with a more basic form of the share that we defined earlier in the chapter:

 [data]
     dont descend = config defaults

In addition, let's assume that the /home/samba/data directory has the following contents:

 drwxr-xr-x   6 tom      users     1024 Jun 13 09:24 .
 drwxr-xr-x   8 root     root      1024 Jun 10 17:53 ..
 -rw-r--r--   2 tom      users     1024 Jun  9 11:43 README
 drwxr-xr-x   3 tom      users     1024 Jun 13 09:28 config
 drwxr-xr-x   3 tom      users     1024 Jun 13 09:28 defaults
 drwxr-xr-x   3 tom      users     1024 Jun 13 09:28 market

If the user then connects to the share, she would see the directories in the share. However, the contents of the /config and /defaults directories would appear empty to her, even if other folders or files existed in them. In addition, users cannot write any data to such a folder (which prevents them from creating a file or folder with the same name as one that is already there but invisible). If a user attempts to do so, she will receive an "Access Denied" message. The dont descend option is an administrative option, not a security option, and is not a substitute for good file permissions.

8.1.2 Links

When a client tries to open a symbolic link on a Samba server share, Samba attempts to follow the link to find the real file and let the client open it, as if the user were on a Unix machine. If you don't want to allow this, set the follow symlinks option like this:

 [data]
     follow symlinks = no

You can test this by setting up and trying to access a symbolic link. Create a directory on the Unix server inside the share, acting as the user under which you will log in to Samba. Enter the following commands:

 $ echo "This is a test" >hello.txt
 $ ln -s hello.txt hello-link.txt

This results in the text file hello.txt and a symbolic link to it called hello-link.txt. Normally, if you double-click either one, you will receive a file that has the text "This is a test" inside it. However, with the follow symlinks option set to no, you will receive an error dialog if you double-click hello-link.txt.

The wide links option, if set to no, prevents the client user from following symbolic links that point outside the shared directory tree. For example, let's assume that we modified the [data] share as follows:

 [data]
     follow symlinks = yes
     wide links = no

As long as the wide links option is disabled (with follow symlinks still enabled), Samba will refuse to follow any symbolic link that points outside the current share tree. If we create a file outside the share (for example, in someone's home directory) and then create a link to it in the share as follows:

 ln -s ~tom/datafile ./datafile

the client cannot open the file in Tom's home directory.

8.1.3 Filesystem Options

Table 8-1 shows a breakdown of the options we discussed earlier. We recommend the defaults for most, except those listed in the following descriptions.

Table 8-1. Filesystem configuration options

Option             Parameters                    Function                                                                                               Default  Scope
dont descend       string (list of directories)  Indicates a list of directories whose contents Samba should make invisible to clients.                 None     Share
follow symlinks    Boolean                       If set to no, will not honor symbolic links.                                                           yes      Share
getwd cache        Boolean                       If set to yes, will use a cache for getwd() calls.                                                     yes      Global
wide links         Boolean                       If set to yes, will follow symbolic links outside the share.                                           yes      Share
hide dot files     Boolean                       If set to yes, treats Unix hidden files as hidden files in Windows.                                    yes      Share
hide files         string (list of files)        List of file patterns to treat as hidden.                                                              None     Share
veto files         string (list of files)        List of file patterns to never show.                                                                   None     Share
delete veto files  Boolean                       If set to yes, will delete files matched by veto files when the directory they reside in is deleted.  no       Share

8.1.3.1 dont descend

The dont descend option can be used to specify various directories that should appear empty to the client. Note that the directory itself will still appear. However, Samba will not show any of the contents of the directory to the client user. This is not a good option to use as a security feature; it is really meant only as a convenience to keep users from casually browsing into directories that might have sensitive files. See our example earlier in this section.

8.1.3.2 follow symlinks

This option controls whether Samba will follow a symbolic link in the Unix operating system to the target or if it should return an error to the client user. If the option is set to yes , the target of the link will be interpreted as the file. If set to no , an error will be generated if the symbolic link is accessed.

8.1.3.3 getwd cache

This global option specifies whether Samba should use a local cache for the Unix getwd() (get current working directory) system call. You can override the default value of yes as follows:

 [global]
     getwd cache = no

Setting this option to no can significantly increase the time it takes to resolve the working directory, especially if the wide links option is set to no . You should normally not need to alter this option.

8.1.3.4 wide links

This option specifies whether the client user can follow symbolic links that point outside the shared directory tree. This includes any files or directories at the other end of the link, as long as the permissions are correct for the user. The default value for this option is yes. Note that this option will not be honored if the follow symlinks option is set to no. Setting this option to no slows smbd considerably because it will have to check each link it encounters.
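The follow symlinks and wide links behaviour from the test in 8.1.2 and from this description, modelled in Python as an added example (this is not Samba's implementation and not code from the book). It builds the chapter's hello.txt / hello-link.txt layout, plus a link to a file outside the share standing in for ~tom/datafile, in a temporary directory, and decides per entry whether a client would be allowed to open it under each of the three configurations. The function names link_allowed and build_demo are chosen for this example; the check is a realpath comparison against the share root, which is a simplification of what smbd actually does.

```python
import os
import shutil
import tempfile


def link_allowed(share_root, rel_path, follow_symlinks=True, wide_links=True):
    """Decide whether a client may open rel_path (relative to share_root).

    Rules as the chapter describes them (a model, not smbd's code):
      * follow symlinks = no  -> any path that goes through a symbolic link
                                 is refused;
      * wide links = no       -> a link is followed only if it resolves to
                                 somewhere inside the share tree;
      * otherwise the link target is used as if it were the file itself.
    Returns (allowed, reason).
    """
    root = os.path.realpath(share_root)
    requested = os.path.normpath(os.path.join(root, rel_path))
    resolved = os.path.realpath(requested)

    if resolved == requested:
        return True, "not a symbolic link"
    if not follow_symlinks:
        return False, "follow symlinks = no refuses every link"
    inside = os.path.commonpath([root, resolved]) == root
    if not wide_links and not inside:
        return False, "wide links = no: target %s is outside the share" % resolved
    return True, "link followed to %s" % resolved


def build_demo():
    """Create the chapter's layout in a temporary directory (constructed
    sample data) and evaluate each entry under three configurations."""
    base = tempfile.mkdtemp()
    share = os.path.join(base, "share")      # exported as [data]
    outside = os.path.join(base, "outside")  # stands in for ~tom
    os.makedirs(share)
    os.makedirs(outside)
    with open(os.path.join(share, "hello.txt"), "w") as fh:
        fh.write("This is a test\n")
    os.symlink("hello.txt", os.path.join(share, "hello-link.txt"))
    with open(os.path.join(outside, "datafile"), "w") as fh:
        fh.write("not meant to be exported\n")
    # equivalent of: ln -s ~tom/datafile ./datafile   (run inside the share)
    os.symlink(os.path.join(outside, "datafile"), os.path.join(share, "datafile"))

    configs = {
        "default": dict(follow_symlinks=True, wide_links=True),
        "follow symlinks = no": dict(follow_symlinks=False, wide_links=True),
        "wide links = no": dict(follow_symlinks=True, wide_links=False),
    }
    names = ("hello.txt", "hello-link.txt", "datafile")
    try:
        return {label: {n: link_allowed(share, n, **cfg)[0] for n in names}
                for label, cfg in configs.items()}
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for label, outcome in build_demo().items():
        print("%-22s %s" % (label, outcome))
```

With the defaults every entry opens; with follow symlinks = no both links are refused even though hello-link.txt stays inside the share; with wide links = no only the link to the outside file is refused. The model checks the whole resolved path, so a link in an intermediate directory component is treated the same way as a link in the final one.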

8.1.3.5 hide dot files

The hide dot files option hides any files on the server that begin with a dot (.) character, to mimic the behaviour of several shell commands on Unix systems. As with hide files, the files that begin with a dot have the DOS hidden attribute set, which doesn't guarantee that a client cannot view them. The default value for this option is yes.

8.1.3.6 hide files

The hide files option provides one or more directory or filename patterns to Samba. Any file matching this pattern will be treated as a hidden file from the perspective of the client. Note that this simply means that the DOS hidden attribute is set, which might or might not mean that the user can actually see it while browsing.

Each entry in the list must begin, end, or be separated from another entry with a slash (/) character, even if only one pattern is listed. This allows spaces to appear in the list. Asterisks can be used as a wildcard to represent zero or more characters. Question marks can be used to represent exactly one character. For example:

 hide files = /.jav*/README.???/

8.1.3.7 veto files

The veto files configuration option is more stringent than hiding: Samba won't even admit that these files exist. You cannot list or open them from the client. This should not be used as a means of implementing security. It is actually a mechanism to keep PC programs from deleting special files, such as the ones used to store the resource fork of a Macintosh file on a Unix filesystem. If both Windows and Macs are sharing the same files, this can prevent ill-advised power users from removing files the Mac users need.

The syntax of this option is identical to that of the hide files configuration option: each entry must begin, end, or be separated from another entry with a slash (/) character, even if only one pattern is listed. Asterisks can be used as a wildcard to represent zero or more characters. Question marks can be used to represent exactly one character. For example:

 veto files = /*config/*default?/

This option is primarily administrative and is not a substitute for good file permissions.

8.1.3.8 delete veto files

This option tells Samba to delete vetoed files when a user attempts to delete the directory in which they reside. The default value is no . This means that if a user tries to delete a directory that contains a vetoed file, the file (and the directory) will not be deleted. Instead, the directory remains and appears empty from the perspective of the user. If set to yes , the directory and the vetoed files will be deleted.
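The pattern-list syntax of hide files and veto files, the hide dot files attribute, the dont descend rule and the delete veto files rule from 8.1.1 and from the descriptions in 8.1.3.1 and 8.1.3.5 through 8.1.3.8, modelled in Python as an added example (not Samba's code and not from the book). It assumes that Samba's * and ? wildcards behave like shell globs, which Python's fnmatch reproduces, and matches case-sensitively, whereas real Samba applies the share's case-sensitivity settings. The ShareView class, its method names and the SAMPLE directory entries are constructed for this example.

```python
import fnmatch
from dataclasses import dataclass


def parse_pattern_list(value):
    """Split a Samba pattern list such as '/*.java/*README*/' into patterns.

    The slashes are delimiters, not directory separators, which is why a
    pattern may contain spaces. The empty strings produced by the leading
    and trailing slash are dropped; an empty option value yields no patterns.
    """
    return [p for p in value.split("/") if p]


def matches_any(name, patterns):
    """True if name matches any pattern: '*' is zero or more characters and
    '?' exactly one. Assumption: case-sensitive matching, unlike a share
    with case sensitive = no."""
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)


@dataclass
class ShareView:
    """Model of what a client sees under the chapter's options. Written for
    this page as an illustration; it is not Samba's own logic."""
    hide_dot_files: bool = True
    hide_files: str = ""
    veto_files: str = ""
    delete_veto_files: bool = False
    dont_descend: str = ""  # space-separated directory names, as in the chapter

    def classify(self, name):
        """'veto' (never shown), 'hidden' (DOS hidden attribute set)
        or 'visible'. Veto wins over hide because a vetoed file is not
        reported at all."""
        if matches_any(name, parse_pattern_list(self.veto_files)):
            return "veto"
        if self.hide_dot_files and name.startswith("."):
            return "hidden"
        if matches_any(name, parse_pattern_list(self.hide_files)):
            return "hidden"
        return "visible"

    def listing(self, names, directory=None):
        """Directory listing as reported to the client. directory is the
        name of the folder being listed (None for the share root); a folder
        named in dont descend reports no contents at all. Vetoed names are
        absent; the value is the hidden attribute the client would receive."""
        if directory is not None and directory in self.dont_descend.split():
            return {}
        return {n: self.classify(n) == "hidden"
                for n in names if self.classify(n) != "veto"}

    def can_delete_dir(self, names):
        """A directory holding vetoed files is removable only when
        delete veto files = yes; otherwise it looks empty but stays."""
        vetoed = [n for n in names if self.classify(n) == "veto"]
        return not vetoed or self.delete_veto_files


# Constructed sample directory contents, mirroring the chapter's examples.
SAMPLE = ["hello.java", "README.txt", ".profile", "notes.txt", "config"]

if __name__ == "__main__":
    for opts in ({"hide_files": "/*.java/*README*/"},
                 {"veto_files": "/*.java/*README*/"}):
        view = ShareView(**opts)
        print(opts, "->", view.listing(SAMPLE),
              "rmdir ok:", view.can_delete_dir(SAMPLE))
```

Running the script shows the difference the chapter describes: with hide files the Java and README entries are still listed, only flagged hidden, while with veto files they vanish and the directory can no longer be removed unless delete veto files is set to yes. None of this changes Unix permissions, which is why the chapter calls these options administrative rather than security controls.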

Using Samba: A File and Print Server for Linux, Unix & Mac OS X, 3rd Edition
ISBN: 0596007698
Year: 2003
Pages: 475