samba-tool domain backup and xattrs

Andrew Bartlett abartlet at
Mon Apr 9 11:13:23 UTC 2018

On Mon, 2018-04-09 at 12:01 +0100, Rowland Penny wrote:
> The fix, change:
>         up_from_private = os.path.abspath(os.path.join(p.private_dir, '..'))
>         backup_dirs = [p.private_dir, p.state_dir, p.sysvol,
>                        os.path.join(up_from_private, 'etc')]
> To:
>         backup_dirs = [p.private_dir, p.state_dir, p.sysvol,
>                        os.path.dirname(p.smbconf)]

Thanks.  This is really helpful to have picked up!

> > 
> > To be clear, the locking on the sh script is unsafe.  It was written
> > before we understood the need for global locking of the sam.ldb, so
> > needs to be replaced.
> > 
> > Unsafe locking, particularly of the type seen here (because the per-db
> > and per-record locks are still respected) is dangerous because it
> > appears to work most of the time, but can be subtly corrupt.
> Then get the tdbbackup changes into Samba and backport them, there are
> people running variants of the 'sh' script and you have now admitted
> they are not safe.

To be clear, tdbbackup -r isn't enough.  It just allows the locking of
the full database tree.  That is done in the python script using
transactions from the ldb python bindings. 

Thank you for your feedback above and I hope this clarifies why it
isn't possible to implement this safely in sh.

Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list