Package: samba Version: 3.0.14a-3 Severity: grave Justification: causes non-serious data loss
When upgrading from Debian Woody (with Samba 2.x) to Debian Sarge (with Samba 3.x), /var/lib/dpkg/info/samba.postinst attempts to convert the smbpasswd database to the new TDB format, with the following commands: umask 066 pdbedit -i smbpasswd -e tdbsam rm /etc/samba/smbpasswd umask 022 Unfortunately if the user accounts are provided by, eg, LDAP (or NIS, or some other external password database), and that password database is down (due, eg, to being in the process of upgrading from Debian Woody to Debian Sarge...) then there will be a large number of errors reported of the form: build_sam_account: smbpasswd database is corrupt! username ewen with uid 1024 is not in unix passwd database! and the resulting TDB password database will contain few, if any, of the original users because these are omitted since they're "missing" (temporarily due to, eg, slapd being down). samba.postinst then removes the original /etc/samba/smbpasswd file with out making any backup copy or asking the user for permission to do so. This prevents the administrator from rerunning the migration once the LDAP/NIS/etc database has been restarted during the upgrade. IMHO it is inexcusible to deliberately destroy the old version of the password database simply on the assumption that the conversion command "must" have worked. The old password database should be renamed to something which makes it obvious that it is not used any longer (eg, /etc/samba/smbpasswd.pre-migration-to-tdb), but left in place to allow the administrator to recover from any issues that might occur. It would also be an extrememly good idea to delay running the smbpasswd conversion script until the end of the sequence of upgrades so that there is the most chance that LDAP/NIS/etc will be functional again. FWIW, the sole reason that I didn't mark this a critical bug was that, fortunately, smbpasswd is backed up daily into /var/backups. So I don't have to resort to last nights tape backup to recover from this destructive postinst script. Ewen -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.26-wavelength-amd-via Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages samba depends on: ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy ii libacl1 2.2.23-1 Access control list shared library ii libattr1 2.4.16-1 Extended attribute shared library ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libcomerr2 1.37-2sarge1 common error description library ii libcupsys2-gnutls10 1.1.23-10 Common UNIX Printing System(tm) - ii libkrb53 1.3.6-2sarge2 MIT Kerberos runtime libraries ii libldap2 2.1.30-8 OpenLDAP libraries ii libpam-modules 0.76-22 Pluggable Authentication Modules f ii libpam-runtime 0.76-22 Runtime support for the PAM librar ii libpam0g 0.76-22 Pluggable Authentication Modules l ii libpopt0 1.7-5 lib for parsing cmdline parameters ii logrotate 3.7-5 Log rotation utility ii netbase 4.21 Basic TCP/IP networking system ii samba-common 3.0.14a-3 Samba common files used by both th -- debconf information: samba/nmbd_from_inetd: * samba/run_mode: daemons * samba/log_files_moved: * samba/tdbsam: true * samba/generate_smbpasswd: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]