FHS defaults for samba4

Andrew Bartlett abartlet at samba.org
Fri Jan 6 08:23:38 GMT 2006


On Thu, 2006-01-05 at 21:57 -0800, Steve Langasek wrote:
> On Fri, Jan 06, 2006 at 06:05:32AM +1100, Andrew Bartlett wrote:
> > As we move towards the tech preview, I have been thinking about old
> > Samba habits that should not die hard.
> 
> > One of these is FHS.  The use of lib for the smb.conf file in the
> > default prefix and the like has been with us for many long years, and we
> > need to fix that up.  In Samba3, debian and the like have patches that
> > change Samba's core to fix this up (even in addition to the --with-fhs
> > configure option), but we should avoid having to do that.
> 
> > Can I have some advise/confirmation, on where we should have:
> 
> >                (packages)           (source install)
> >  - smbd
> >                /usr/sbin            PREFIX/sbin
> >  - smbclient (et al)
> >                /usr/bin             PREFIX/bin
> >  - smb.conf?
> >                /etc/samba           PREFIX/etc
> >  - sam.ldb
> >    secrets.ldb
> >    secrets.keytab
> >    <other private files>
> >                /var/lib/samba/private PREFIX/var/lib/private
> 
> FWIW, I'm not sure why there was ever a separate "private" directory for
> these files; ISTR lkcl arguing for this back in the day based on the
> behavior on some obscure and not terribly Unix-like platform.  We've
> installed the samba3 equivalents to /var/lib/samba directly, since the names
> of the files are predictable and that's all anyone gets out of having these
> in a readable directory.

When I first read lkcl's message many years ago (and before I joined the
team), I presumed he intended to have that directory mode 0700.  We
never did that however...

> >  - WINS database
> >                /var/lib/samba       PREFIX/var/lib
> >  - Samba3 winbindd_privileged pipe (permissions persistent)
> >                /var/lib/samba       PREFIX/var/lib
> 
> My understanding is that the permissions are set on the winbindd_privileged
> directory, not on the socket itself; and at least in Debian, the current
> practice is that files under /var/run are cleaned at boot time, directories
> are not.  This might change in the future, though.  Anyway, for comparison
> we currently store this in /var/run/samba, similar to a number of other
> packages which use Unix sockets.

This actually raises an interesting question for the unprivileged pipe,
particularly in Samba3.  I understand that RedHat is moving it from /tmp
to /var/run.  

> >  - interprocess communication pipes
> >                /var/run/samba/      PREFIX/var/run
> >  - swat files (HTML, client-side js)
> >                /usr/share/samba/swat  PREFIX/share/swat
> >  - templates, provision scripts
> >                /usr/share/samba     PREFIX/share
> >  - logs
> >                /var/log/samba       PREFIX/var/log
> >  - include files
> >                /usr/include         PREFIX/include
> >  - shared libraries
> >                /usr/lib             PREFIX/lib
> >  - plugins
> >                /usr/lib             PREFIX/lib
> >  - locking databases (non-persistent)
> >                /var/run/samba      PREFIX/var/run
> >  - cache databases (winbindd cache)
> >                /var/cache/samba   PREFIX/var/cache
> >  - printing (persistent cache, but you loose print job tracking if you
> > scrub it)
> >                /var/lib/samba     PREFIX/var/
> >    (or should this be /var/cache/samba or /var/spool/samba?)
> 
> > I have no doubt missed some stuff, but it would be nice to try and get
> > this right this time.
> 
> That looks pretty complete to me, save a few details that others have
> already commented on.

Now I just need to create the categories and implement it...

> BTW, here's what I have in /var/lib/samba on a current 3.0 system; I don't
> know how many of these apply (or have yet been implemented) for samba4:
> 
> $ ls /var/lib/samba/
> account_policy.tdb  ntdrivers.tdb  ntprinters.tdb  printers      secrets.tdb
> group_mapping.tdb   ntforms.tdb    passdb.tdb      registry.tdb  share_info.tdb

Thanks.  

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060106/a5d1f5e6/attachment.bin


More information about the samba-technical mailing list