IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This seems to have been basically taken from the manpages/lists.xls
from the docbook-xsl stylesheets. But it references a variable list-indent
that older versions of docbook-xsl (e.g. 1.69) do not provide.
This makes the manpage build break on older systems. Removing
the definition lets the build succeed, using the system-definition
of the itemizedlist/listitem.
The diff between the docbook's (version 1.75.1) definition of
itemizedlist/listitem and the definition in our man.xls is this:
-- with this patch
-- without this patch
@@ -53,5 +53,7 @@
<!-- * seems to require the extra space. -->
<xsl:call-template name="roff-if-end"/>
<xsl:apply-templates/>
- <xsl:text>.RE </xsl:text>
+ <xsl:if test=" following-sibling::listitem">
+ <xsl:text> .RE </xsl:text>
+ </xsl:if>
</xsl:template>
I.e. the version of man.xsl made insertion if ".RE" conditional.
I hope this does not break anything severely.
The diff for e.g. the resulting winbindd.8 manpage is this:
--- with this patch
+++ witout this patch:
@@ -375,7 +375,6 @@
\m[blue]\fBwinbind: rpc only\fR\m[]
Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\&.
-.RE
.SH "EXAMPLE SETUP"
.PP
To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup\&. This was tested on an early Red Hat Linux box\&.
Cheers
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 12 18:13:54 CET 2011 on sn-devel-104
Since commit 7022554, smbds share a printcap cache (printer_list.tdb),
therefore ordering of events between smbd processes is important when
updating printcap cache information. Consider the following two process
example:
1) smbd1 receives HUP or printcap cache time expiry
2) smbd1 checks whether pcap needs refresh, it does
3) smbd1 marks pcap as refreshed
4) smbd1 forks child1 to obtain cups printer info
5) smbd2 receives HUP or printcap cache time expiry
6) smbd2 checks whether pcap needs refresh, it does not (due to step 3)
7) smbd2 reloads printer shares prior to child1 completion (stale pcap)
8) child1 completion, pcap cache (printer_list.tdb) is updated by smbd1
9) smbd1 reloads printer shares based on new pcap information
In this case both smbd1 and smbd2 are reliant on the pcap update
performed on child1 completion.
The prior commit "reload shares after pcap cache fill" ensures that
smbd1 only reloads printer shares following pcap update, however smbd2
continues to present shares based on stale pcap data.
This commit addresses the above problem by driving pcap cache and
printer share updates from the parent smbd process.
1) smbd0 (parent) receives a HUP or printcap cache time expiry
2) smbd0 forks child0 to obtain cups printer info
3) child0 completion, pcap cache (printer_list.tdb) is updated by smbd0
4) smbd0 reloads printer shares
5) smbd0 notifies child smbds of pcap update via message_send_all()
6) child smbds read fresh pcap data and reload printer shares
This architecture has the additional advantage that only a single
process (the parent smbd) requests printer information from the printcap
backend.
Use time_mono in housekeeping functions As suggested by Björn Jacke.
The idmap_rid module should not be used as a default backend.
Also mention that the old snytax "idmap backend = rid:domain=range ..."
is not supported any more.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue Dec 7 19:07:57 CET 2010 on sn-devel-104
vl recently pointed me to a valid reason to use posix locking = no.
Fix the smb.conf manpage to explain this reason, as this question
comes up on the samba mailing list from time to time as well.
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Wed Dec 1 10:37:30 CET 2010 on sn-devel-104
This is an initial implementation of the idmap_autorid module.
It works similar to the idmap_rid module but requires less
configuration. It will automatically pick ranges for each domain,
so you do not have to bother any more about adding an idmap
configuration for all of the domains in the forest.
This is very easy to use and to configure and much more
deterministic and faster than idmap_tdb, the typical choice
of Samba users up to now.
Fix bug #7260 (Command line option documentation in wrong place in winbindd man
page.). Thanks to Ged Haywood <samba@jubileegroup.co.uk> for reporting!
Karolin
This boolean option controls whether at exit time the server dumps a list of
files with debug level 0 that were still open for write. This is an
administrative aid to find the files that were potentially corrupt if the
network connection died.
This patch removes all of the files from the samba tree that should now
be provided by the cifs-utils package. It also drops a
"README.cifs-utils" into the topdir with a URL to the main cifs-utils
webpage. This is for people who don't want the lists and might be taken
by surprise by the change. That's optional, but I think it's a good idea
for a least a release or two.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Supports negated arguments in configuration like:
full_audit:success = all !readdir !telldir !closedir
Update the manpage accordingly.
Part of BSO#4025
Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to refect this.
Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.
Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.
Jeremy.
Thanks to the Debian samba package maintainers
<pkg-samba-maint@lists.alioth.debian.org> for providing the patch!
Fix bug #7017 (Typos and spelling errors in manpages).
Karolin
Change since last post:
- fix build error due to superfluous </para> tag.
- ensure it builds fine.
Also add a section on INODE NUMBERS that discusses inode numbers more
thoroughly and add reference to it in "nounix" and "noserverino"
options.
Thanks to Jeff Layton for explaining those details.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
in the "user.DOSATTRIB" EA. From the docs:
In Samba 3.5.0 and above the "user.DOSATTRIB" extended attribute has been extended to store
the create time for a file as well as the DOS attributes. This is done in a backwards compatible
way so files created by Samba 3.5.0 and above can still have the DOS attribute read from this
extended attribute by earlier versions of Samba, but they will not be able to read the create
time stored there. Storing the create time separately from the normal filesystem meta-data
allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.
Passes make test but will need more testing.
Jeremy.
When something in the cluster blocks, it can happen that we wait indefinitely
long for ctdb, just adding to the blocking condition. In theory, nothing should
block, but as someone said "In practice the difference between theory and
practice is larger than in theory". This adds a timeout parameter in seconds,
after which we stop waiting for ctdb and panic.
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.
The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.
Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).
That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
cifs.upcall takes a "-c" flag that tells the upcall to get a principal
in the form of "cifs/hostname.example.com@REALM" instead of
"host/hostname.example.com@REALM". This has turned out to be a source of
great confusion for users.
Instead of requiring this flag, have the upcall try to get a "cifs/"
principal first. If that fails, fall back to getting a "host/"
principal.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Some recent versions of Inkscape (0.47 or around) have bug when export file name
is treated as relative against the directory of original .svg if it wasn't specified
as an absolute path. Fix it by always using absolute paths during conversion.
For some users who are used to smbclient, it is not clear that
mount.cifs never uses smb.conf for configuring client specific
parameters. So, let's add this information to mount.cifs man page.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Before 3.3, an smbcontrol debug message sent to the target "smbd" would
actually be sent to all running processes including nmbd and winbindd.
This behavior was changed in 3.3 so that the "smbd" target would only
send a message to the process found in smbd.pid, while the "all" target
would send a message to all processes.
The ability to set the debug level of all processes within a single
daemon, without specifying each pid is quite useful. This was implemented
in winbindd in 065760ed. This patch does the same thing for smbd.
Upon receiving a MSG_DEBUG the parent smbd will rebroadcast it to all of
its children.
The printing process has been added to the list of smbd child processes,
and we now always track the number of smbd children regardless of the
"max smbd processes" setting.
Add a new section entitled FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS
that attempts to cover information about this topic. Change the uid=
and gid= options to refer to that section. Add new varlistentries for
forceuid, forcegid and dynperm.
Also update the information about how the program behaves when installed
as a setuid binary.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
The 'ldap suffix' is not added automatically to the 'ldap admin dn'.
This fixes bug #5584.
Thanks to Stefan Bauer <stefan.bauer [at] plzk.de> for reporting!
Karolin
