samba configuration via rpc - beyond registry shares

David Collier-Brown davec-b at rogers.com
Wed Jan 3 18:17:30 GMT 2007 


Volker Lendecke wrote:
> On Wed, Jan 03, 2007 at 02:48:56PM +0000, David Collier-Brown wrote:
> 
>>  As an initial step, one should be able to request the state be
>>written out in textual form, so you can use a side-by-side diff
>>program to inspect the differences between the registry and the
>>smb.conf, and then either commit or abort the changes to both
>>the smb.conf and the registry.
> 
> 
> What I'd like to see is something like testparm walking the
> sources for smb.conf settings. Having code writing to
> smb.conf is something I would like to avoid if possible.
> Look at passdb/pdb_smbpassd.c to see how difficult it is to
> safely write a much simpler text file.


	I was thinking that this something that required human
	involvement...

>>  Think of this as a synchronization problem: one doesn't necessarily
>>have a master, one has a way of committing individual changes from
>>either to both, and it;s easiest for a Unix person to do that at the
>>Samba end.
> 
> 
> I'd delegate the sync problem to the human admin.

	Yes, probably aided by something like SWAT and
	a "push" program: it's far easier to manage
	the smb.conf file on the Unix side than from
	the other...


> 
> What about the following policy: Once a particular setting
> in the main smb.conf is found, none of the settings there
 > apply anymore, its contents are completely thrown away, and
 > only the registry (or some other potential later source) is
 > looked at.
 >> Some thing like "config backend = registry" or so. No
> stacking, just a single step.


	That reminds me of the "config file" option, which
	was hard to understand the implications of...
	If you use it, I'd recommend you log a warning if
	any other non-commented-out line is in the file.

	It would be "interesting" if it took effect at
	the point it was encountered (;-))
	
> 
> This way all existing configs still work, and it would be an
> explicit manual step by the admin to enable the registry
> config. And we don't have any policy problems with one
> backend overruling the other.

	Sure, but do have the testparm-like program
	available to get the config **back** from the
	registry, or it's a one-way change (:-()

--dave

-- 
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net           |                      -- Mark Twain
(416) 223-5943

More information about the samba-technical mailing list