Samba - CPU and memory usage - Proposed solution(?)

Andrew Bartlett abartlet at samba.org
Sun Jan 23 10:21:41 GMT 2005


On Sun, 2005-01-23 at 04:40 +0200, Nikos Balkanas wrote:
> Hi Andrew,
> 
> Thanks for the fast reply. I don't know why, your reply reached me as an
> attachment.

This is due to the use of PGP/MIME.  Some mail programs show this
incorrectly as an attachment.

> Do you mean to say that an exact "stat" is performed in this case? Wouldn't
> it be more efficient from the beginning to do 2 "stats" - 1 for upper case,
> the other for lower case? Even in the case where the exact name is known
> from the database, there is no guarantee that windows filesystem will
> request the same case from Unix. Can one do wildcard matching in this case?

Well, we can't do anything else without the directory scan.  I'm not
completely aware of the details, Jeremy Allison was the most involved in
this, and I hope he will comment on this thread.

> > So, you may wish to advise your former employer that an 'out of the box'
> > solution should now be available.
> 
> Can one also disable browsing and wildcard matching per directory? If this
> is not done, security is compromised. Furthermore, only half the performance
> boost is realized, since any time a CRM agent will try to save a bill to his
> own PC, Windows opens as default saving directory the source directory,
> killing the server in the process (and the PC).

This is the usual application of removing the 'read' bit from the unix
permissions on a directory.  I'm not sure how well Samba works on this,
but it would be a really good goal, as it should be about the same as
the 'case sensitive = yes' path.

> The changes I have done result to a somehow "illegal" filesystem. If you do
> a "dir" or open a window on it, they both come up empty and return
> immediately. If, however, you do a "dir filename.txt" and the file exists,
> it will be displayed - only that file. Siebel has a very machinelike naming
> of the files, so little chance an average CRM user can guess it - unless has
> access to the database. This is not much, but guards against accidental
> deletion and is as much security as can be given from the filesystem -
> anything more must be given through the application.

I actually have a similar problem at my site, so I'm interested in
seeing if we can make this work.

> > Finally, I'm pleased to see Samba used being used in such big
> > applications. It's a joy to hear about these kind of installations.
> 
> Always a pleasure - as long as they are knowledge people to take the risk
> and support it in case of problems ;-)

It's also a big advantage being able to fix it yourself :-).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050123/e4ab4973/attachment.bin


More information about the samba-technical mailing list