samba configuration via rpc - beyond registry shares
davec-b at rogers.com
Wed Jan 3 18:17:30 GMT 2007
Volker Lendecke wrote:
> On Wed, Jan 03, 2007 at 02:48:56PM +0000, David Collier-Brown wrote:
>> As an initial step, one should be able to request the state be
>>written out in textual form, so you can use a side-by-side diff
>>program to inspect the differences between the registry and the
>>smb.conf, and then either commit or abort the changes to both
>>the smb.conf and the registry.
> What I'd like to see is something like testparm walking the
> sources for smb.conf settings. Having code writing to
> smb.conf is something I would like to avoid if possible.
> Look at passdb/pdb_smbpassd.c to see how difficult it is to
> safely write a much simpler text file.
I was thinking that this something that required human
>> Think of this as a synchronization problem: one doesn't necessarily
>>have a master, one has a way of committing individual changes from
>>either to both, and it;s easiest for a Unix person to do that at the
> I'd delegate the sync problem to the human admin.
Yes, probably aided by something like SWAT and
a "push" program: it's far easier to manage
the smb.conf file on the Unix side than from
> What about the following policy: Once a particular setting
> in the main smb.conf is found, none of the settings there
> apply anymore, its contents are completely thrown away, and
> only the registry (or some other potential later source) is
> looked at.
>> Some thing like "config backend = registry" or so. No
> stacking, just a single step.
That reminds me of the "config file" option, which
was hard to understand the implications of...
If you use it, I'd recommend you log a warning if
any other non-commented-out line is in the file.
It would be "interesting" if it took effect at
the point it was encountered (;-))
> This way all existing configs still work, and it would be an
> explicit manual step by the admin to enable the registry
> config. And we don't have any policy problems with one
> backend overruling the other.
Sure, but do have the testparm-like program
available to get the config **back** from the
registry, or it's a one-way change (:-()
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net | -- Mark Twain
More information about the samba-technical