kill security=share and security=server
Andrew Bartlett
abartlet at samba.org
Wed Jan 26 22:49:55 MST 2011
On Wed, 2011-01-26 at 17:27 -0800, Jeremy Allison wrote:
> On Thu, Jan 27, 2011 at 11:20:03AM +1000, Andrew Bartlett wrote:
> >
> > It looks good, except that I don't think the _lp_security() function is
> > right. I think the override needs to be in the lp_load_ex(), before the
> > set_server_role(). Otherwise, I think we will print the warning each
> > time we call lp_security(), rather than just on each smb.conf load.
> > (Which is more common?)
>
> No, I don't think so. Remember, lp_security() can now *never*
> return SEC_SHARE. So if we haven't read the smb.conf yet the
> default is SEC_USER, so that doesn't print the message. If
> we have read the smb.conf then we print the message once,
> then set the lp_security() call sets the value of Globals.security
> from SEC_SHARE back to SEC_USER - so that code never gets
> called again (the _lp_security() call in lp_security()
> will now always return SEC_USER).
>
> Let me know if you still disagree with this analysis.
Ahh! I didn't get that part of the subtly (and was, while in talks at
LCA looking at how to handle this 'properly', but it wasn't a trivial
patch).
And given that the set_server_role() stuff is called at the end of an
smb.conf load, the warning should get out there, even in testparm.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
More information about the samba-technical
mailing list