FW: Speed comp. TNG & 2.2.alpha (fwd)

Andrew Bartlett abartlet at pcug.org.au
Tue Feb 27 10:56:37 GMT 2001


Luke Kenneth Casson Leighton wrote:
> 
> On Tue, 27 Feb 2001, Andrew Bartlett wrote:
> 
> > Luke Kenneth Casson Leighton wrote:
> > >
> > > On Fri, 23 Feb 2001, Andrew Bartlett wrote:
> > >
> > > > I have around 300 users, most of whom are in a 'students' primary group.
> > > > There are a few groups (54 including system groups), all of which don't
> > > > have very many (non-primary) members.
> > >
> > > okay.  all those names are unique, yes?
> > >
> > > none of the users have the same name as any of the groups, is this
> > > correct?
> > >
> >
> > A small number are, all RedHat private user groups.  Some are system
> > groups (ie, root.root, named.named and the like).  Most users are just
> > students, staff or admins.  It shouldn't be that hard to add an
> > exception into the code that just ignores private groups should it?
> > Also ignoring system users and groups shouldn't be that hard.
> 
> private groups?  what do you mean, private groups.

RedHat has this 'feature' whereby all users are automatically made
members of a private group - eg I (abartlet) have a primary group of
'abartlet', of which nobody else is a member.  This means that all files
I create are owned by 'abartlet.abartlet'.  On a 'standard' RedHat
setup, this would have been 300 users and 300 groups - I only used the
'normal' setup because I wanted group quotas.

> 
> we added code two years ago to allow admins to map certain users and
> certain groups to different nt names.
> 
> see, what i did was, if it's a user, use that.
> 
> else:
> 
> if you are a PDC, BDC or member-of-domain,
> 
>         if it's not in the alias-map-file, it's a group.
> 
> if you are a stand-alone workstation:
> 
>         if it's not in the group-map-file, it's an alias.
> 
> this allows a unix /etc/group file to be "presented" to the NT world.  i
> did not add a mechanism to "disallow" certain users/groups from this view.
> the search algorithm, which must resolve a name in *all* spaces - users,
> groups and aliases - is known to be O(N^3).  i.e. horrible.  esp. when it
> comes to looking up a user's NT group RIDs, that's particularly when you
> get hammered badly, as people are finding out.
> 
> we added some code that allowed unix user lookups to be cached for short
> periods of time, as this gave a speed-up in performance of a factor of
> about 100 on certain unix systems.  it is disabled by default, or i may
> have even removed it altogether.
> 
> the entire codebase basically needs to be trashed and rewritten, as all
> existing implementations (all versions of samba) are major headache hacks
> from which the correct approach has been learned but not yet implemented.
> 
> luke
> 
>  ----- Luke Kenneth Casson Leighton <lkcl at samba-tng.org> -----
> 
> "i want a world of dreams, run by near-sighted visionaries"
> "good.  that's them sorted out.  now, on _this_ world..."

-- 
Andrew Bartlett
abartlet at pcug.org.au
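
The lookup order Luke describes, together with the private-group exception Andrew proposes, as an added example that is not Samba code and not part of the original thread. The function names, the sample accounts, and the treatment of a name that does appear in a map file (alias on a domain machine, group on a stand-alone one) are assumptions.

```python
from enum import Enum

class Role(Enum):
    DOMAIN = "PDC, BDC or member-of-domain"
    STANDALONE = "stand-alone workstation"

def classify(name, users, role, alias_map, group_map):
    """Return 'user', 'group' or 'alias' for a unix name, following the thread's rules."""
    if name in users:                      # "if it's a user, use that"
        return "user"
    if role is Role.DOMAIN:
        # not in the alias map -> group; listed -> alias (assumed converse)
        return "alias" if name in alias_map else "group"
    # stand-alone: not in the group map -> alias; listed -> group (assumed converse)
    return "group" if name in group_map else "alias"

def is_private_group(group, members, users):
    """RedHat-style private group: named after a user, with no other members."""
    return group in users and set(members) <= {group}

def presented_groups(groups, users, role, alias_map=frozenset(), group_map=frozenset()):
    """Map each unix group to the NT kind it would be presented as, skipping private groups."""
    view = {}
    for group, members in groups.items():
        if is_private_group(group, members, users):
            continue                       # the proposed exception: ignore private groups
        view[group] = classify(group, users, role, alias_map, group_map)
    return view

# Constructed sample data (not from the thread). Sets give constant-time membership tests.
USERS = {"abartlet", "root", "named", "operator"}
GROUPS = {
    "abartlet": [],               # private group, primary-only membership
    "root": ["root"],             # system private group
    "named": [],                  # system private group
    "students": [],
    "staff": ["abartlet"],
    "admins": ["abartlet"],
    "operator": ["abartlet"],     # shares a user's name but has another member
}

if __name__ == "__main__":
    for name, kind in sorted(presented_groups(GROUPS, USERS, Role.DOMAIN, alias_map={"admins"}).items()):
        print(f"{name:10} {kind}")
```

The `operator` entry is the case Luke's uniqueness question is about: it is not a private group, so it stays in the view, but the name resolves to the user rather than the group.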



