Gratuitous advice: files vs. DBs & referential integrity
Nicolas.Williams at wdr.com
Fri Jan 28 21:27:51 GMT 2000
(was Re: [samba-tng] spoolss conversion and others)
I'm a regular Unix sysadmin. Most of my command lines are really KSH
inline scripts. I avoid GUIs (except two). I run screen in two xterms.

Now for the advice:

- passwd/group/netgroup/auto.home/aliases/etc... are like a low-tech
  relational database. You have to update all of them when making
  certain changes (such as changing a user's username, or closing an
  account, and many more such changes).
- relational flat-file databases do NOT scale, both in terms of
  performance AND, most importantly, in terms of cost of
  administration. If your organization is large enough, mistakes are
  likely to create as much or more work as service requests.

So, what I suggest be done:

- have a database that implements network semantics or, better yet, and
- have a name service (NIS, LDAP, DNS, tdb, who cares) that is not
- have a database->name service(s) system
- if you must, have a flat-file->name service data system so you can
  make urgent changes by hand if your database->name service latency is
  too high. Possibly have the database->name service system really be
  more like database->flat files->name services.
- structure it all so that a simple change, such as closing an account
  or changing a username, propagates to all the relevant flat files and
  name services as appropriate.

This idea is not far-fetched. Where I work we have implemented a system
as above and it has saved us a lot of work. The product we use is no
longer available commercially, but there are other alternatives,
including Ganymede (open source).

So, Luke, to you I suggest that you use TDB for the Samba SAM DB and
that you (or someone else) write a TDB dump/load tool so that others
(those who complain!) can write their own flat-file->Samba SAM TDB
maintenance system, à la NIS.

The two GUIs I use? Web browsers and the GUI for the OO DB we use for
administration of our name spaces.

-DISCLAIMER: an automatically appended disclaimer may follow. By posting-
-to a public e-mail mailing list I hereby grant permission to distribute-
-and copy this message.-
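
The referential-integrity point in the message above, as an added example that is not part of the original post: a username in passwd acts as a primary key, group members and alias targets act as foreign keys, and a rename done in passwd alone leaves stale references behind. The file contents are constructed, the function names are hypothetical, and every alias target is assumed to be a local username.

```python
# Constructed sample data (not from the post); real files have more edge cases.
FILES = {
    "passwd": "alice:x:1001:100:Alice:/home/alice:/bin/ksh\n"
              "bob:x:1002:100:Bob:/home/bob:/bin/ksh\n",
    "group": "staff:x:100:alice,bob\nadmins:x:200:alice\n",
    "aliases": "helpdesk: alice, bob\nroot: alice\n",
}

def users(files):
    """Usernames defined in passwd (field 1): the 'primary key'."""
    return {l.split(":")[0] for l in files["passwd"].splitlines() if l}

def references(files):
    """Yield (file, entry, username) for each 'foreign key' to a user."""
    for l in files["group"].splitlines():
        f = l.split(":")
        for m in filter(None, f[3].split(",")):
            yield "group", f[0], m
    for l in files["aliases"].splitlines():
        alias, targets = l.split(":", 1)
        for t in filter(None, (t.strip() for t in targets.split(","))):
            yield "aliases", alias, t

def dangling(files):
    """References to usernames that passwd no longer defines."""
    known = users(files)
    return sorted(r for r in references(files) if r[2] not in known)

def rename_user(files, old, new):
    """Propagate a username change to every file that references it.
    Home directory paths are left alone in this sketch."""
    swap = lambda tok: new if tok == old else tok
    passwd, group, aliases = [], [], []
    for l in files["passwd"].splitlines():
        f = l.split(":")
        passwd.append(":".join([swap(f[0])] + f[1:]))
    for l in files["group"].splitlines():
        f = l.split(":")
        f[3] = ",".join(swap(m) for m in f[3].split(","))
        group.append(":".join(f))
    for l in files["aliases"].splitlines():
        alias, targets = l.split(":", 1)
        aliases.append(alias + ": " + ", ".join(
            swap(t.strip()) for t in targets.split(",")))
    joined = lambda lines: "\n".join(lines) + "\n"
    return {"passwd": joined(passwd), "group": joined(group),
            "aliases": joined(aliases)}

if __name__ == "__main__":
    by_hand = dict(FILES, passwd=FILES["passwd"].replace("alice:", "asmith:", 1))
    print("passwd edited by hand:", dangling(by_hand))
    print("propagated rename:    ", dangling(rename_user(FILES, "alice", "asmith")))
```

The same dangling() check, run after an account is closed, lists the group memberships and mail aliases that still name the removed user.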