svn commit: samba r23322 - in branches/SAMBA_3_0_26/source: . groupdb

Gerald (Jerry) Carter jerry at samba.org
Wed Jun 6 12:21:01 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

tridge at samba.org wrote:
> Jerry,
> 
>  > If you feel comfortable enough with it, I'd rather just drop
>  > the selectable backend option.  We might leave it in for testing
>  > but I would like to avoid it in the final 3.0.26 release.
>  > It can take so long to remove parameters from smb.conf once
>  > they are in released version.
>  > 
>  > What do you think?
> 
> I don't see the harm in having these sorts of options in 
> the code, but deliberately not documenting them.

But they never stay undocumented.  They become part of Samba
urban legends.

> They give us options in case a subsystem has a security 
> hole, and we can then say in an advisory "here is
> the simple workaround, add this to smb.conf". It would mean
> some work for admins (moving their groups back to the tdb, 
> which is not automated) but its doable.
> 
> I don't actually expect this will be needed as I am 
> very confident of this code, I just don't see the harm
> in keeping options open.

Please remove the option.  If we don't absolutely need
the parameter, then adding it is bloat IMO.

> It can also have unexpected benefits. For example, 
> Volker just pointed out that ldb doesn't obey the "use
> mmap" option for it's underlying tdb files. I will fix
> that tonight, but if we had discovered this after
> the release then we might have had to do a new release
> just to work around the broken mmap in HPUX, whereas
> otherwise we can get a few days grace by announcing
> to the mailing lists that HPUX users should set the
> option to use tdb based group mapping.

I don't think using tdb as a workaround for a bug
in ldb in this case is valid even as a temporary workaround.
Either we ship ldb or we don't.  Sorry for being so hard
nosed about it, but I fell very strongly about removing
the "groupdb:backend" option.

I will defer to the majority of course, but no one else
seems to be voicing their opinion.




cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGZqasIR7qMdg1EfYRAh1vAKDV1eP6XMQ1NaPgnxSDCiQSM6wmPQCfd+AD
/e7ZctXVk9Z4CeQwm9voMz0=
=v3IX
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list