management of Samba4

James Peach jpeach at sgi.com
Sun Jun 5 23:13:06 GMT 2005 

On Fri, Jun 03, 2005 at 10:51:09PM +1000, Andrew Tridgell wrote:
> James,
> 
>  > So I think this proposal will work well for smbstatus-style apps, and I
>  > can imagine building a really useful samba debugger on top of it. I'm
>  > not sure it is suitable for exporting performance statistics, however.
> 
> I am not proposing that it be used for gathering performance
> statistics. I am proposing it be used to replace the sorts of
> information shown by smbstatus in Samba3, plus a lot more detailed
> information from other subsystems (for example information on the wins
> server, the ldap server etc).

Understood. I interpreted "reporting packets counts" a bit too broadly :)

> For performance monitoring you really do need to use a shared memory
> type of scheme, but what you do is you use a
> START_MONITORING/STOP_MONITORING type of message, so that the (small)
> overhead of doing performance monitoring is not paid when you don't
> need it.
> 
> I also think it is reasonable that the performance monitoring code not
> be as portable as the smbstatus style of monitoring. The 'list of open
> files' information needs to be available for all platforms, whereas
> not being able to do fine grained performance monitoring on systems
> with no way to setup shared memory is OK by me.
> 
> Finally, there are quite different security constraints. With Samba3
> we have the problem that anyone with read access to the various tdb
> databases needed for smbstatus to work can lock those databases (as
> setting read locks in posix relies only on read access to the
> underlying file). That is a potential denial of service attack. Using
> a messaging system we can avoid that problem by building in the
> ability to determine who is sending the message and allowing the
> service function to decide what information to give out depending on
> the user asking for it.
> 
> We will eventually build a performance monitoring system for Samba4,
> but what I proposed earlier today is not it.

This all sounds perfectly reasonable. Thanks for the clarification.

-- 
James Peach | jpeach at sgi.com | SGI Australian Software Group
I don't speak for SGI.

More information about the samba-technical mailing list