Welcome to TechNet Blogs Sign in | Join | Help

SMB2 Protocol - what is a Symbolic Link?

I had a comment from my last post about the new SMB2 protocol that I wanted to follow up on...There was mention of support for 'Symbolic Links' in the post and Mr. Kevin Owen asked for some clarification.  So, Kevin - straight from the developer who wrote the code:

In Vista/Longhorn server, the file system (NTFS) will start supporting a new filesystem object (examples of existing filesystem objects are files, folders etc.). This new object is a symbolic link. Think of a symbolic link as a pointer to another file system object (it can be a file, folder, shortcut or another symbolic link). So then you ask how is that different from a short-cut (the .lnk file)?  Well, a shortcut will only work when used from within the Windows shell, it is a construct of the shell, and other apps don’t understand short-cuts. To other apps, short-cuts look just like a file. With symbolic links, this concept is taken and is implemented within the file system. Apps when they open a symbolic link will now open the target by default (i.e. what the link points to), unless they explicitly ask for the symbolic link itself to be opened. Note symbolic links are an NTFS feature.

Now why is this relevant to the SMB2 protocol? This is because, for symbolic links to behave correctly, they should be interpreted on the client side of a file sharing protocol (otherwise this can lead to security holes). SMB2 understands the concept of symbolic links and evaluates the links on the client. This is the support that is added in SMB2.0

 

- Ward Ralston

Published Friday, October 28, 2005 4:06 PM by WindowsServer

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

Sunday, October 30, 2005 10:53 AM by B

# re: SMB2 Protocol - what is a Symbolic Link?

Unix filesystems, anyone? Your 'post' (or indeed that which you quote) should really have given credit to the original implementors, or at least mentioned them, shouldn't it? Windows users, eh.
Monday, October 31, 2005 5:43 AM by John Doe

# re: SMB2 Protocol - what is a Symbolic Link?

Yipee! Windows invented the symlink. Or did it already existed on Unix/Linux, something like 15 years ago?
Monday, October 31, 2005 5:51 AM by Tsu Dho Nimh

# re: SMB2 Protocol - what is a Symbolic Link?

And yet another UNIX feature shows up in Windows as an "innovation".
Monday, October 31, 2005 5:54 AM by Rosyna

# re: SMB2 Protocol - what is a Symbolic Link?

Are these symbolic links paths (relative or absolute) like the *nix implementation or are they richer implementations that are much more robust like the Mac OS's aliases?
Monday, October 31, 2005 6:00 AM by perplex

# re: SMB2 Protocol - what is a Symbolic Link?

create a symlink, something i always missed on windows. what about all the other missing features in a os, seen in bsd, linux, unix, etc. maybe start here: http://unxutils.sourceforge.net/ and http://www.cygwin.com/, etc. bleh
Monday, October 31, 2005 6:18 AM by Mike

# re: SMB2 Protocol - what is a Symbolic Link?

"Now why is this relevant to the SMB2 protocol? This is because, for symbolic links to behave correctly, they should be interpreted on the client side of a file sharing protocol (otherwise this can lead to security holes)"

Are you nuts?!

For security to be maintained the filesystem (NTFS) has to parse the link and handle it appropriately! A symlink only has meaning within the system running the filesystem.

Either someone needs a big LARTing by a clue-by-four, I have seriously misred what you wrote, or you are ... not quite suitable to do this work.

I hope I seriously missed a point.
Monday, October 31, 2005 6:42 AM by n00dles

# re: SMB2 Protocol - what is a Symbolic Link?

I feel it's worth mentioning to those who are not familiar with *nix, that symlinks have been available on various file systems in that space for... well, a very long time.

It's a long overdue addition to NTFS, and a very welcome one!
Monday, October 31, 2005 6:43 AM by Henry Spencer

# re: SMB2 Protocol - what is a Symbolic Link?

Those who don't understand UNIX are doomed to reinvent it, poorly
Monday, October 31, 2005 6:50 AM by Juan

# re: SMB2 Protocol - what is a Symbolic Link?

So did you stole this from BSD too?
Monday, October 31, 2005 6:51 AM by Larry Seltzer

# re: SMB2 Protocol - what is a Symbolic Link?

>>...for symbolic links to behave correctly, they should be interpreted on the client side of a file sharing protocol (otherwise this can lead to security holes). SMB2 understands the concept of symbolic links and evaluates the links on the client. This is the support that is added in SMB2.0

Will there be SMB2.0 clients for Windows XP/2000/etc or will we need Vista in order for network clients to properly access symlinks?
Monday, October 31, 2005 7:00 AM by omg

# re: SMB2 Protocol - what is a Symbolic Link?

brilliant idea!
Monday, October 31, 2005 7:03 AM by chef

# re: SMB2 Protocol - what is a Symbolic Link?

WinFS = UNIX FS 1970
Monday, October 31, 2005 7:06 AM by todd

# re: SMB2 Protocol - what is a Symbolic Link?

Seems, like so much duplicated efforts now by microsoft at their kernel level, too bad they don't just do something like apple and use freebsd. At this point anyways, it seems like what microsoft is doing is essentially writing their own unix kernel.
Monday, October 31, 2005 7:13 AM by JP

# re: SMB2 Protocol - what is a Symbolic Link?

But how do the new NTFS symbolic links differ from NTFS junction points?

http://en.wikipedia.org/wiki/NTFS_junction_point
Monday, October 31, 2005 7:13 AM by b100dian

# re: SMB2 Protocol - what is a Symbolic Link?

Weren't hard links already in NTFS? I already use them to remap entire folders from Program Files on another drive (e.g. D:)
Monday, October 31, 2005 7:16 AM by Adriano

# re: SMB2 Protocol - what is a Symbolic Link?

Hi,

I'm a little bit confused :(. For me this seems a lot like hardlinks/junction points (http://msdn.microsoft.com/library/en-us/dnfiles/html/ntfs5.asp?frame=true#ntfs5_topic6)

Am I missing the point?

Thanks in advance
Monday, October 31, 2005 7:17 AM by nocturnal

# re: SMB2 Protocol - what is a Symbolic Link?

i never knew how the shortcuts in windows worked but i'm guessing that they don't work as symbolic links then?
Monday, October 31, 2005 7:28 AM by Security Holes?

# re: SMB2 Protocol - what is a Symbolic Link?

Why does showing symlinks to a client that doesn't understand them cause a security hole? Wouldn't they just either not show up or show up as plain files with an unknown type? Why can't symlinks be flagged with a "symlink" attribute that old clients ignore, and transparently point to the destination file when acted upon by an ignorant client, just like you said about applications ("Apps... will now open the target by default, unless they explicitly ask for the symbolic link...."). Can't that apply to clients as well?

Or are you saying that symlinks that the client doesn't understand can lead to things like symlinking across hosts and causing people to open files they didn't know they were opening? More of a "the user doesn't know what their actions are doing" type thing, like when Windows hides file extensions and people think a VBS is a JPG?
Monday, October 31, 2005 7:28 AM by snake

# re: SMB2 Protocol - what is a Symbolic Link?

finally windows will get symlinks ...
Monday, October 31, 2005 7:43 AM by Mike S

# re: SMB2 Protocol - what is a Symbolic Link?

That's great, *nix has been using this successfully for years. Security issues should almost be a moot point as you can learn from others' mistakes. Good to see you guys moving in the right direction...now if only vista would move away from the whole registry thing. :)
Monday, October 31, 2005 7:43 AM by Linuxboi

# re: SMB2 Protocol - what is a Symbolic Link?

so does anyone else think Microsoft is trying to be more like linux now?
Monday, October 31, 2005 8:00 AM by Richard

# re: SMB2 Protocol - what is a Symbolic Link?

It's good that Windows is getting symlinks. They're really useful - just imagine being able to switch over files or directories between versions just by moving a symlink?

I was trying to remember how NFS handles them. Is that also client side? I can see the security hole of having a symlink evaluated server side. Point it to a file that you're not meant to read and read the file. Though won't normal security prevent that problem anyway? If you can't read it, you can't read it. Client side the symlink may not make sense and could also cause confusion for users. Any symlink pointing outside the "share" sounds dodgy.
Monday, October 31, 2005 8:13 AM by Edwin van Uffelen

# re: SMB2 Protocol - what is a Symbolic Link?

In this post, you state that, a symlink neads to be resolved clientside

>> "This is because, for symbolic links to behave correctly, they should be interpreted" <<

the trueth (in my honest opinion though is),
that everything, in a protocol accession the server, should actualy be handled By the server.
because, of the ability to fake the symlink's id to match an object request that otherwise should never be avail to that specific user)

For example: lest say im running a windows Vista server for my clients in a way that compares to a unix-shell server.
for this they are accessiong the system through SMB,

what i would try to do if i wanted unauthorized access,

Id try to reverse engeneer (like samba did) this protocol and fake a network brower's response: telling the server that the symlike called: /user123/ (of wich i am alowed total control = read, write, change and delete)"

isn't actualy a link to: "%datadisk%/serverdocs/users/userver123/date"

nut instead to %windir%/system32 (or even the data dir of another user).


this by self COULD becoome quite a risk if the server itself doesn't check whether this symlink is actualy a valid one...

Now if the server DOES check this, both systems are doing exactly the same job,
Wich in a way both make it redundant, yet also questionable wether it in fact is neaded or just unnesesairy load on your computers...

Ofcaurse with just 1 computer it would hardly make a diference, but with over a 100 or even a 1000 clients it would)...

** based on how symlinks usualy work, they, as al files and folders, inherrit the access rights of thair parrent folder.. so if i gave Full-control to the ..../userver123/ folder of where also this symlink whould be located. - it could get quite nasty if the administrator does not suspect this kind of exploits.


so if in fact i indead would be righ regarding this. could you please shed some light on, what will be done to prevent this from actualy be possible,


______________________
with most kind regard,
Edwin van uffelen, (IT-student)
The Netherlands...
Monday, October 31, 2005 8:21 AM by Interested User

# re: SMB2 Protocol - what is a Symbolic Link?

Damn i had those in os/2 in 1999. Microsloth just got around to it?
Monday, October 31, 2005 8:34 AM by solik

# re: SMB2 Protocol - what is a Symbolic Link?

$ fortune -m 'condemned'
%% (fortunes)
Those who do not understand Unix are condemned to reinvent it, poorly.
-- Henry Spencer

Monday, October 31, 2005 8:45 AM by Joe

# re: SMB2 Protocol - what is a Symbolic Link?

Nice... no more having to use scaaaaary junction points.
Monday, October 31, 2005 9:21 AM by Chris Conti

# re: SMB2 Protocol - what is a Symbolic Link?

To me, Kevin Owen's question seemed to be more about finding out if there is some relationship between the SMB2 symbolic links and the currently implemented NTFS reparse/mount points. Can you expound on this?
Monday, October 31, 2005 9:42 AM by getoverit

# re: SMB2 Protocol - what is a Symbolic Link?

Why does everyone feel the need to post the EXACT same comment about UNIX. Ok - everybody knows that this new feature to Windows, is already part of UNIX, get over it.
Monday, October 31, 2005 10:23 AM by Richard

# re: SMB2 Protocol - what is a Symbolic Link?

Thinking of a server that does symlinks server side - Apache on UNIX. Apache does have checks though to ensure that the symlink doesn't point outside the document root.

These checks are optional. Sometimes it makes sense, sometimes not. Depends on who has write access to the server. They were used in the infamous Mindcraft benchmarks to add more overhead to the Apache server.

Monday, October 31, 2005 10:29 AM by M-RES

# re: SMB2 Protocol - what is a Symbolic Link?

I can't understand how this could create a security problem?

Surely if a client machine logs into a share, then they know the log/pass for that share... if so then they're likely to want access to all areas of that share.

If they try to access files outside of that share (via an alias..er..'symlink') then one would naturally assume that they'll be greeted by a prompt asking them for the log/pass details for the user-account/directory/volume they're trying to access (if the 'symlink' points to a path eminating from anywhere other than the current share's root then it must be outside the share and subject to different permissions).

...or am I missing something here?

Windows, PAH! Funny how their technological "advances" and "innovations" just seem to be long-standing features of other OS' but with added flakeyness. ;)
Monday, October 31, 2005 11:09 AM by Chris K.

# re: SMB2 Protocol - what is a Symbolic Link?

That is one thing that always bugged me about reparse points in NTFS, their inability to refer to network shares.

I want to create a single filespace that I can work from to cover my entire network, but have to resort to using one drive for my local things, and another DFS root.
Monday, October 31, 2005 11:31 AM by Eric

# re: SMB2 Protocol - what is a Symbolic Link?

Don't they already exist in Windows as 'Junctions'? I've been using these for some time. These only work with directories, but work on WinXP, Windows 2000 and Windows 2003:

http://www.sysinternals.com/Utilities/Junction.html

There is also a tool in the W2K Resource kit that will do it as well.
Monday, October 31, 2005 11:45 AM by ITmanager

# re: SMB2 Protocol - what is a Symbolic Link?

A typical set of comments from typical *nix people. Get over your old OS... Or at least move up to Mac. Command line blows...
Monday, October 31, 2005 11:51 AM by silpheed

# re: SMB2 Protocol - what is a Symbolic Link?

the reason I'M having a hard time "getting over it" is because of bits like: "Note symbolic links are an NTFS feature"
Monday, October 31, 2005 12:20 PM by Kurt McKee

# re: SMB2 Protocol - what is a Symbolic Link?

> Note symbolic links are an NTFS feature.

I assume you're saying "It's implemented at the filesystem level", but this is certainly technology that exists far, far into the past in *nix systems.
Monday, October 31, 2005 12:50 PM by miffed

# re: SMB2 Protocol - what is a Symbolic Link?

Don't pretend to reinvent the wheel, come on out and say you are bringing in *nix features.

Now if you could get a native port of the NFS client working properly. And integrated nicely with the "net use" command. Not like the poor implementation in the "Services for Unix" CD.

Monday, October 31, 2005 12:52 PM by Hermann Schinagl

# re: SMB2 Protocol - what is a Symbolic Link?

Well the funny thing is that SMB already supported hardlinks somehow, which I guess hardly nobody found out.

If you call CreateHardlink with a SMB source and destination, and the SMB location points to the same drive a 'remote hardlink' is created, so I deduce SMB supports remote creation of hardlinks.

I have played a lot with hardlinks on NTFS, and
so I am happy to hear NTFS6 will support symbolic links. In the meantime you can play with a few nifty tools related to hardlinks on http://schinagl.priv.at/nt/ntutils.html

Ciao Hermann
Monday, October 31, 2005 1:01 PM by Fredrik Forséll

# re: SMB2 Protocol - what is a Symbolic Link?

At last! This is what they should have implemented originally instead of the horrible .lnk
Monday, October 31, 2005 1:47 PM by DMC69

# re: SMB2 Protocol - what is a Symbolic Link?

You guys should patent this symlink mechanism, that's what I think.
Monday, October 31, 2005 2:46 PM by mike-m

# re: SMB2 Protocol - what is a Symbolic Link?

Don't you know the file systems ext2/3, reiserfs, xfs, ufs. They all support symlinks, soft and hard. The only new thing is that NTFS now support it. I'm not saying it is bad that microsoft does something that already exists, in fact the *.lnk files did really suck, but it isn't definitely something new! Bye.
Monday, October 31, 2005 3:09 PM by DrPizza

# re: SMB2 Protocol - what is a Symbolic Link?

"That is one thing that always bugged me about reparse points in NTFS, their inability to refer to network shares. "

In the betas of Windows 2000 (the older betas, back when it was named "NT 5") you could mount network shares to folders. The feature was killed, for some reason that's not clear to me (because it's the kind of thing that should have been *made to work*, because it's extremely useful).

The reparse point mechanism is, I believe, sufficiently general that one could write a simplistic symlink reparse point without much trouble at all.

I'd think all you really need for symlinks is a generalization of junction points ("generalized" to allow them to point anywhere in the object manager namespace, and to allow them to be attached to files as well as directories). The only other thing you'd need to do is to change their "delete" semantics (it's horrible and wrong that deleting a junction deletes the target, not the junction itself).
Monday, October 31, 2005 4:55 PM by IM

# re: SMB2 Protocol - what is a Symbolic Link?

So, correct me if I'm wrong, but the last 217 comments are pointing out that the Un*x implementation of SMB2.0 already has symbolic links.
If so, why didnt MS just download the Un*x support library?!
Monday, October 31, 2005 6:43 PM by Tom

# re: SMB2 Protocol - what is a Symbolic Link?

IM: Samba (how *nix does SMB) is free software. In order for it to use code from Samba, they would have to release Windows as free software.
Monday, October 31, 2005 7:34 PM by Mike Kolitz

# re: SMB2 Protocol - what is a Symbolic Link?

@silpheed:

"the reason I'M having a hard time 'getting over it' is because of bits like: 'Note symbolic links are an NTFS feature'"

Gosh, that just couldn't mean that it won't work on FAT32. It must mean that Microsoft is claiming to invent it.

Do you people even think before you post?
Monday, October 31, 2005 8:16 PM by rbagwell

# re: SMB2 Protocol - what is a Symbolic Link?

Since this is Windows, which only natively supports NTFS and the FAT variants, the comment that symlinks are an NTFS feature implies that the feature is not available on FAT or FAT32. It does not mean that they are not a feature of any other file system for any other OS.

So once again, get over it.
Tuesday, November 01, 2005 7:20 AM by Roel Pompen (NL)

# re: SMB2 Protocol - what is a Symbolic Link?

This is truely mind-boggling...

As the original creators of UNIX where in the pre-implementing stage, they already thought out the symlink idea on paper..

That was in the summer of 1969, it was implementen within the same year, or the beginning of 1970, as the diskpack for the original system were delivered.

I believe we have to thank Dennis M. Richie for this one. (I'm not sure about that though)
Tuesday, November 01, 2005 12:09 PM by OS historian

# re: SMB2 Protocol - Symbolic Link history

Those who do not learn from history are doomed to repeat it. Repeatedly.

Symbolic links were invented in the Multics operating system in 1965-66, well before Unix was born. The Bell Labs Unix group chose not to implement them, instead providing much more problematic and limited (but easy to implement) "hard links". BSD Unix wisely adopted symbolic links over a decade later, correcting the error, and improving them to allow relative pathnames. It wasn't until AT&T Unix System V disappeared that symbolic links became universally available in *nix systems. The hidebound AT&T attitude is why they weren't in POSIX 1003.1, either. Hard links still present fundamental obstacles to hierarchy-oriented functions like quota management.

Actually, NTFS has had symbolic links for years (maybe NT 3.0?), but they've been hidden from Windows users and accessible only through the POSIX subsystem. They're also used to associate symbolic names (e.g., COM1) with real devices, but Windows users have no visibility into that.

I'd guess that the "news" here is just that those API are being added to the Win32 API--in other words, little news and no novelty. I only hope that they don't introduce gratuitous incompatibilities.
Tuesday, November 01, 2005 2:01 PM by ERX

# re: SMB2 Protocol - what is a Symbolic Link?

Of course, NTFS has had Security Descriptors, Access Control Lists, and system level access auditing.

Hey Unix bigot, want to explain why every Network Attached Storage device based on Unix needs to squash root access? Oh, giant gaping hole in the NFS protocol?

Pot. Kettle. Black.

Now, shut the f**k up.
Friday, November 04, 2005 12:42 AM by Beavis

# SHUTUP

What inspires so many dipsticks to post so much inaccurate garbage here? Shutup. Nobody is impressed with stupid "Unix is better" rhetoric.
Wednesday, November 16, 2005 11:28 AM by LKB

# re: SMB2 Protocol - what is a Symbolic Link?

Beavis: Actually you're wrong. People are impressed by the "Unix is better" rhetoric because ... well ... UNIX IS BETTER. Unix is more stable, more secure, does more, scales better, runs on more hardware. Microsoft is just waking up to this reality. And time and time agein, they have to catch up with the leading *nix systems. many new "features" of Vista are already out there in Unix and Linux. This symlinks feature is just one example.

As a side note, and back to the original post--
If this is a new feature to NTFS, both Microsoft and the open source implementations of Windows file sharing should take it into consideration. But we all know that the open source community will find, patch and fix any holes before Microsoft realizes that hackers are exploiting them.
Tuesday, April 04, 2006 4:26 PM by RaDzAw's Weblog

# Symbolic links w WIndows Vista

Friday, June 16, 2006 4:40 PM by Pratik’s Blog » Blog Archive »

# Pratik&#8217;s Blog &raquo; Blog Archive &raquo;

PingBack from http://pkpatel88.wordpress.com/2005/10/31/36/
Wednesday, July 12, 2006 1:15 AM by OS Headlines » Windows Server 2003 Service Pack 1 (SP1) Roadmap

# OS Headlines &raquo; Windows Server 2003 Service Pack 1 (SP1) Roadmap

PingBack from http://os-headlines.com/blog/2006/07/12/windows-server-2003-service-pack-1-sp1-roadmap/
Saturday, July 05, 2008 5:19 AM by linux symbolic link

# linux symbolic link

PingBack from http://porter.sexstoriesltd.com/linuxsymboliclink.html

Sunday, December 14, 2008 1:56 PM by Lite av varje ?? Windows f??r symboliska l??nkar

# Lite av varje ?? Windows f??r symboliska l??nkar

PingBack from http://www.reuteras.com/blog/2005/10/31/windows-far-symboliska-lankar/

Wednesday, March 11, 2009 3:42 PM by Symbolic Link under SMB2 Protocol &laquo; Pepe&#8217;s Blog

# Symbolic Link under SMB2 Protocol &laquo; Pepe&#8217;s Blog

PingBack from http://pepe101de.wordpress.com/2009/03/11/symbolic-link-under-smb2-protocol/

Leave a Comment

(required) 
required 
(required) 

  
Enter Code Here: Required
 
Page view tracker