samba-tool domain backup and xattrs

Rowland Penny rpenny at samba.org
Mon Apr 9 11:01:40 UTC 2018


On Mon, 09 Apr 2018 22:40:15 +1200
Andrew Bartlett <abartlet at samba.org> wrote:

> On Mon, 2018-04-09 at 11:08 +0100, Rowland Penny wrote:
> > 
> > I do hope he going to change the very large mistake that is in the
> > previously version posted, the one that makes the 'sh' script
> > useless to distros.
> 
> Rowland,
> 
> Can you elaborate on this?  

OK, if you run the top part of the previous python script, you get this
on self compiled Samba:

root at dc3:~# samba-tool domain backup
ETC dir: /usr/local/samba/etc

and then run this:

root at dc3:~# samba -b | grep 'CONFIGFILE' | awk '{print $NF}'
/usr/local/samba/etc/smb.conf

But, on a distro package DC:

root at dc4:~# samba-tool domain backup
ETC dir: /var/lib/samba/etc

root at dc4:~# samba -b | grep 'CONFIGFILE' | awk '{print $NF}'
/etc/samba/smb.conf

Oh dear, the smb.conf will not be backed up :-(

The fix, change:

        up_from_private = os.path.abspath(os.path.join(p.private_dir, '..'))
        backup_dirs = [p.private_dir, p.state_dir, p.sysvol,
                       os.path.join(up_from_private, 'etc')]

To:

        backup_dirs = [p.private_dir, p.state_dir, p.sysvol,
                       os.path.dirname(p.smbconf)]

> 
> To be clear, the locking on the sh script is unsafe.  It was written
> before we understood the need for global locking of the sam.ldb, so
> needs to be replaced.
> 
> Unsafe locking, particularly of the type seen here (because the per-db
> and per-record locks are still respected) is dangerous because it
> appears to work most of the time, but can be subtly corrupt.

Then get the tdbbackup changes into Samba and backport them, there are
people running variants of the 'sh' script and you have now admitted
they are not safe.

Rowland



More information about the samba-technical mailing list