Dear Dan, > The bug here is that out-of-path symlinks are remotely writable. ... You mean "creatable". > ... the fact that he can *generate* the symlink breaks ... Nothing breaks if the admin sets "wide links = no" for that share: the link is not followed. > But Samba supports dropping a user into a path ... I never noticed such support documented: references please? > ... and it really does need to keep him there. You cannot "break out" of shares with "wide links = no". > ... Samba is supposed to match Windows semantics in general. No please, do not dumb it down. Cheers, Paul Paul Szabo psz@xxxxxxxxxxxxxxxxx http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
