namjaejeon
commented
7 months ago @m-sataraddi Thanks for your check:) Yes, as you said, symlink support has been removed from the upstream process due to possible security issues. But we can start working to support it again. There are other important works to me, but if symlink support is a higher priority, it may depend on what product you use the ksmbd server for and how important it is. Are you planning to use ksmbd as a POC or are you planning to install it into your android product? If it is an Android platform, is this feature included in Google's public source?
m-sataraddi
sangsoolee
rickysarraf
romanrm
Dear Mr. Namjae Jeon,
Context: We are enabling KSMBD server on Android platform and trying to support few use cases. This require Symbolic Links(symlinks) support.
============================================= 1). By default, it looks like Symbolic links are NOT supported in KSMBD now. We tested following and Accessing Symbolic link files from Client is NOT working:
a). [KSMBD Server on Linux]:
In /etc/samba/smb.conf, following share is defined.
[ManjuShare] comment = Samba with KSMBD Kernel Server on Ubuntu path = /home/test/manjunath read only = No
KSMBD Server is running:
sudo service ksmbd status ksmbd.service - ksmbd userspace daemon Loaded: loaded (/lib/systemd/system/ksmbd.service; enabled; vendor preset: enabled) Active: active (exited) since Wed 2024-04-17 17:44:28 IST; 28s ago Process: 30769 ExecStartPre=/sbin/modprobe ksmbd (code=exited, status=0/SUCCESS) Process: 30770 ExecStart=/usr/sbin/ksmbd.mountd -s (code=exited, status=0/SUCCESS) Main PID: 30770 (code=exited, status=0/SUCCESS) Tasks: 2 (limit: 9340) Memory: 576.0K CPU: 11ms CGroup: /system.slice/ksmbd.service ├─30772 /usr/sbin/ksmbd.mountd -s └─30773 /usr/sbin/ksmbd.mountd -s Apr 17 17:44:28 lin2030066179 systemd[1]: Starting ksmbd userspace daemon... Apr 17 17:44:28 lin2030066179 systemd[1]: Finished ksmbd userspace daemon.
KSMBD Server is listening on port 445:
netstat -pulnt | grep -i 445 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp6 0 0 :::445 ::: LISTEN - tcp6 0 0 :::445 ::: LISTEN - tcp6 0 0 :::445 ::: LISTEN - tcp6 0 0 :::445 ::: LISTEN - tcp6 0 0 :::445 ::: LISTEN -
myfile-sym.txt is symlink of /test/myfile.txt
ls -las total 12 4 drwxrwxrwx 3 test test 4096 Apr 17 15:37 . 4 drwxr-x--- 44 test test 4096 Apr 17 15:52 .. 0 lrwxrwxrwx 1 test test 41 Apr 17 15:37 myfile-sym.txt -> /home/test/manjunath/test/myfile.txt 4 drwxrwxr-x 2 test test 4096 Apr 17 15:36 test
[Mount with CIFS option on other Linux Machine]:
sudo mount -t cifs //107.99.235.8/ManjuShare -o username=test,password=srib@123 /mnt/ManjuShare/
cd /mnt/ManjuShare/ ls -las ls: cannot read symbolic link 'myfile-sym.txt': Operation not supported total 4 0 drwxr-xr-x 2 root root 0 Apr 17 15:37 . 4 drwxr-xr-x 8 root root 4096 Apr 17 15:58 .. 0 lrwxr-xr-x 1 root root 41 Apr 17 15:37 myfile.txt 0 drwxr-xr-x 2 root root 0 Apr 17 15:36 test
Accessing myfile-sym.txt(symlink file) fails:
cat myfile-sym.txt cat: myfile-sym.txt: Permission denied
Accessing Orginial file works:
cat test/myfile.txt myfile
2). Upon further checking, in this below link, its mentioned that: This patch remove symlink support that can be vulnerable and access out of share, and we re-implement it as reparse point later.
https://lore.kernel.org/all/CAH2r5muaUWci4rfOqYhv+p8NO7rKLSg5Y3WgoJnBa9fL8YD0GQ@mail.gmail.com/T/
2a). We would like to know whether Symlinks are supported in latest KSMBD releases.
2b). If symlinks are supported or re-implemented as 'reparse point' then let us know whether this feature is present in latest release. If yes then please share some details about how to use this.
2c). If symlinks are NOT supported till now then let us know if there is a plan to support and by when.
=============================================
Note: We observed that Linux Samba Server supports symlinks as regular file. Clients can access those symlink files as regular files at their side.
Thank you.