samba-tool domain backup and xattrs

Rowland Penny rpenny at
Mon Apr 9 11:01:40 UTC 2018

On Mon, 09 Apr 2018 22:40:15 +1200
Andrew Bartlett <abartlet at> wrote:

> On Mon, 2018-04-09 at 11:08 +0100, Rowland Penny wrote:
> > 
> > I do hope he going to change the very large mistake that is in the
> > previously version posted, the one that makes the 'sh' script
> > useless to distros.
> Rowland,
> Can you elaborate on this?  

OK, if you run the top part of the previous python script, you get this
on self compiled Samba:

root at dc3:~# samba-tool domain backup
ETC dir: /usr/local/samba/etc

and then run this:

root at dc3:~# samba -b | grep 'CONFIGFILE' | awk '{print $NF}'

But, on a distro package DC:

root at dc4:~# samba-tool domain backup
ETC dir: /var/lib/samba/etc

root at dc4:~# samba -b | grep 'CONFIGFILE' | awk '{print $NF}'

Oh dear, the smb.conf will not be backed up :-(

The fix, change:

        up_from_private = os.path.abspath(os.path.join(p.private_dir, '..'))
        backup_dirs = [p.private_dir, p.state_dir, p.sysvol,
                       os.path.join(up_from_private, 'etc')]


        backup_dirs = [p.private_dir, p.state_dir, p.sysvol,

> To be clear, the locking on the sh script is unsafe.  It was written
> before we understood the need for global locking of the sam.ldb, so
> needs to be replaced.
> Unsafe locking, particularly of the type seen here (because the per-db
> and per-record locks are still respected) is dangerous because it
> appears to work most of the time, but can be subtly corrupt.

Then get the tdbbackup changes into Samba and backport them, there are
people running variants of the 'sh' script and you have now admitted
they are not safe.


More information about the samba-technical mailing list