samba-technical@lists.samba.org
[Top] [All Lists]

Re: samba configuration via rpc - beyond registry shares

Subject: Re: samba configuration via rpc - beyond registry shares
From: David Collier-Brown
Date: Wed, 03 Jan 2007 18:17:30 +0000


Volker Lendecke wrote:
On Wed, Jan 03, 2007 at 02:48:56PM +0000, David Collier-Brown wrote:

 As an initial step, one should be able to request the state be
written out in textual form, so you can use a side-by-side diff
program to inspect the differences between the registry and the
smb.conf, and then either commit or abort the changes to both
the smb.conf and the registry.


What I'd like to see is something like testparm walking the
sources for smb.conf settings. Having code writing to
smb.conf is something I would like to avoid if possible.
Look at passdb/pdb_smbpassd.c to see how difficult it is to
safely write a much simpler text file.


        I was thinking that this something that required human
        involvement...

 Think of this as a synchronization problem: one doesn't necessarily
have a master, one has a way of committing individual changes from
either to both, and it;s easiest for a Unix person to do that at the
Samba end.


I'd delegate the sync problem to the human admin.

        Yes, probably aided by something like SWAT and
        a "push" program: it's far easier to manage
        the smb.conf file on the Unix side than from
        the other...



What about the following policy: Once a particular setting
in the main smb.conf is found, none of the settings there
> apply anymore, its contents are completely thrown away, and
> only the registry (or some other potential later source) is
> looked at.
>> Some thing like "config backend = registry" or so. No
stacking, just a single step.


        That reminds me of the "config file" option, which
        was hard to understand the implications of...
        If you use it, I'd recommend you log a warning if
        any other non-commented-out line is in the file.

        It would be "interesting" if it took effect at
        the point it was encountered (;-))
        

This way all existing configs still work, and it would be an
explicit manual step by the admin to enable the registry
config. And we don't have any policy problems with one
backend overruling the other.

        Sure, but do have the testparm-like program
        available to get the config **back** from the
        registry, or it's a one-way change (:-()

--dave

--
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb@xxxxxxxxxxx           |                      -- Mark Twain
(416) 223-5943

<Prev in Thread] Current Thread [Next in Thread>