Bug#473651: [samba] Add a regular backup of .tdb files
On Sun, Aug 23, 2009 at 05:33:35PM -0700, Steve Langasek wrote: > I agree that these are equally as important as *passdb.tdb* to back up. But > "copy to /var/backups" is not an appropriate backup strategy - these files > are already under /var/lib and should therefore already be part of any > system backup policy. We should not be backing them up piecemeal in the > samba package. Ah, OK. I was under the impression that /var/backups was meant for "critical odds-and-ends that should be backed up by default even on systems managed by extremely lax sysadmins". A bit of googling for "debian policy /var/backups" shows similar confusion by others. > > One other point: many well-meaning sysadmins may be doing rsync backups of > > their entire systems, including /var/lib/samba, thinking that they are safe > > in > > case of any catastrophe. But they might not be aware that the modification > > date on the *.tdb files rarely gets changed, even if the contents do, > > because > > Samba uses mmap() to access them. > > Er, use of mmap() should not affect the filesystem semantics of mtime. I > think you're mistaken here. You are right, mmap() *should* update mtime according to "man mmap". But I do not believe it ever since I got bitten by a bug like http://his.luky.org/ML/linux-kernel.2005/msg28040.html or http://his.luky.org/ML/linux-kernel.2005/msg28040.html a number of years ago. I have been cautious of how I backup mmapped data ever since. FYI, I just did a test with smbpasswd on my Lenny system with the 2.6.26-2-vserver-686 kernel and the /var/lib/samba/passdb.tdb file changed mtime as it should. Good. -- Erik Rossen OpenPGP key: 2935D0B9 ros...@rossen.ch On fonce la tête dans http://www.rtfm-sarl.ch le guidon et on RTFM. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#473651: [samba] Add a regular backup of .tdb files
On Sun, Aug 23, 2009 at 11:02:31PM +0200, Erik Rossen wrote: > I just spent an hour modifying and testing the pre-existing > /etc/cron.daily/samba to backup the /var/lib/samba/*.tdb files to > /var/backups/samba on a number of Samba servers that I manage. > If /etc/samba/smbpasswd is important enough to backup It isn't. By default, /etc/samba/smbpasswd is pointless to back up. > then so is secrets.tdb, winbind_idmap.tdb, and all of the others. I agree that these are equally as important as *passdb.tdb* to back up. But "copy to /var/backups" is not an appropriate backup strategy - these files are already under /var/lib and should therefore already be part of any system backup policy. We should not be backing them up piecemeal in the samba package. /etc/cron.daily/samba provides handling for /etc/samba/smbpasswd (in the case it's present) equivalent to /etc/cron.daily/standard's handling of /etc/passwd, /etc/group, and /etc/shadow: all of which are variable data stored in /etc out of necessity, and therefore falling outside of any backup policy for /var. That argument does not apply to the files that are already in /var, so I see no argument whatsoever for backing /var/lib/samba up directly in the package. > One other point: many well-meaning sysadmins may be doing rsync backups of > their entire systems, including /var/lib/samba, thinking that they are safe in > case of any catastrophe. But they might not be aware that the modification > date on the *.tdb files rarely gets changed, even if the contents do, because > Samba uses mmap() to access them. Er, use of mmap() should not affect the filesystem semantics of mtime. I think you're mistaken here. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#473651: [samba] Add a regular backup of .tdb files
Package: samba Version: 2:3.2.5-4lenny6 Followup-For: Bug #473651 On Wed, 16 Apr 2008 23:08:20 -0700, Steve Langasek wrote: > Actually yes, I do object because I don't think we should be doing piecemeal > backups in individual packages. Losing winbind_idmap is bad, but not worse > than losing other databases on the system, and I haven't seen that tdbs are > noticeably more fragile than other database formats that they should require > a separate backup policy from the rest of the system. I just spent an hour modifying and testing the pre-existing /etc/cron.daily/samba to backup the /var/lib/samba/*.tdb files to /var/backups/samba on a number of Samba servers that I manage. If /etc/samba/smbpasswd is important enough to backup, then so is secrets.tdb, winbind_idmap.tdb, and all of the others. My goal in the attached script is to provide a reasonable chance of recovery in case /var/lib/samba gets blown away. Use it if you like, ignore it if you don't. One other point: many well-meaning sysadmins may be doing rsync backups of their entire systems, including /var/lib/samba, thinking that they are safe in case of any catastrophe. But they might not be aware that the modification date on the *.tdb files rarely gets changed, even if the contents do, because Samba uses mmap() to access them. As a result, rsync might pick up the *.tdb files the first time they are seen and then never again. At least by running tdbbackup regularly, one can guarantee that rsynced *.tdb.bak files are somewhat up-to-date. Personally I do not see anything wrong in supplying a minimal backup procedure as part of a package. Perhaps it should not be installed into /etc/cron* by default, but that is another subject. #!/bin/sh # # cron script to save a backup copy of /etc/samba/smbpasswd in /var/backups. # # Written by Eloy A. Paris for the Debian project. # Augmented by Erik Rossen to backup *.tdb files. # BAK=/var/backups/samba umask 022 mkdir -p $BAK if cd $BAK; then # Make sure /etc/samba/smbpasswd exists if [ -f /etc/samba/smbpasswd ]; then cmp -s smbpasswd.bak /etc/samba/smbpasswd || cp -p /etc/samba/smbpasswd smbpasswd.bak fi # Make sure tdbbackup exists if [ -x /usr/bin/tdbbackup ]; then /usr/bin/tdbbackup /var/lib/samba/*.tdb for i in /var/lib/samba/*.tdb.bak ; do j=$(basename $i) cmp -s $j $i || cp -p $i $j done fi fi
Bug#473651: [Pkg-samba-maint] Bug#473651: [samba] Add a regular backup of .tdb files
On Tue, Apr 01, 2008 at 07:28:55AM +0200, Christian Perrier wrote: > Quoting Gilles Mocellin ([EMAIL PROTECTED]): > > Package: samba > > Version: 3.0.28a-1 > > Severity: minor > > --- Please enter the report below this line. --- > > I recently had a corrupted /var/lib/samba/winbind_idmap.tdb file. > > It was not cool to recover. > > I saw a crontab file for (/etc/cron.daily/samba) which backups the > > smbpasswd > > file. > > It could also make a tdbbackup of all files in /var/lib/samba > > and /var/cache/samba. > > It's harmless. Can be run online. And really helpfull in case of corruption. > Well, I agree that losing Winbind's ID mapping database is certainly > not cool at all. > I actually expect every experienced samba admin to backup that file > and some others (I'd actually recommend backing up the entire > /var/lib/samba directory) but at least helping the less experienced > admin could be a good idea. After all, I still remember the days when > I started using winbind and was ignorant about the importance of ID > mapping. > Other maintainers, objections about a daily cron job for winbind to > backup this file ? > Any ideas about other files important enough to be copied and waste > some space in /var/backups ? Actually yes, I do object because I don't think we should be doing piecemeal backups in individual packages. Losing winbind_idmap is bad, but not worse than losing other databases on the system, and I haven't seen that tdbs are noticeably more fragile than other database formats that they should require a separate backup policy from the rest of the system. But I see that you've already reached the same conclusion on your own, so ok then. :) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED]
Bug#473651: [Pkg-samba-maint] Bug#473651: Bug#473651: [samba] Add a regular backup of .tdb files
Quoting Gilles Mocellin ([EMAIL PROTECTED]): > So... I keep my script. > > I, the local admin, have learn that I have to backup this file because I have > lost it... > Perhaps should we at least have a big Warning somwhere, where everyone can > see > it ? > In the winbind comments, in smb.conf ? > In a doc file of the winbind package ? I'd say "in good courses about Samba administration" or in good books:-) -- signature.asc Description: Digital signature
Bug#473651: [Pkg-samba-maint] Bug#473651: Bug#473651: [samba] Add a regular backup of .tdb files
Le Monday 14 April 2008 16:07:08 Christian Perrier, vous avez écrit : > tags 473651 wontfix > thanks > > Quoting Christian Perrier ([EMAIL PROTECTED]): > > > It's harmless. Can be run online. And really helpfull in case of > > > corruption. > > > > Well, I agree that losing Winbind's ID mapping database is certainly > > not cool at all. > > > > I actually expect every experienced samba admin to backup that file > > and some others (I'd actually recommend backing up the entire > > /var/lib/samba directory) but at least helping the less experienced > > admin could be a good idea. After all, I still remember the days when > > I started using winbind and was ignorant about the importance of ID > > mapping. > > > > Other maintainers, objections about a daily cron job for winbind to > > backup this file ? > > > > Any ideas about other files important enough to be copied and waste > > some space in /var/backups ? > > After thinking deeper, I think that it would indeed be a dangerous > slope and something that the package cannot really handle well in > place of the local admin's policy. > > So, finally, I won't go this way and I don't see the need to develop > such script in the package. > > Gilles, I think this really belongs to the local admin duties...(s)he > should know that ID mapping is critical and has to be backed up. So... I keep my script. I, the local admin, have learn that I have to backup this file because I have lost it... Perhaps should we at least have a big Warning somwhere, where everyone can see it ? In the winbind comments, in smb.conf ? In a doc file of the winbind package ? signature.asc Description: This is a digitally signed message part.
Bug#473651: [Pkg-samba-maint] Bug#473651: Bug#473651: [samba] Add a regular backup of .tdb files
tags 473651 wontfix thanks Quoting Christian Perrier ([EMAIL PROTECTED]): > > It's harmless. Can be run online. And really helpfull in case of corruption. > > Well, I agree that losing Winbind's ID mapping database is certainly > not cool at all. > > I actually expect every experienced samba admin to backup that file > and some others (I'd actually recommend backing up the entire > /var/lib/samba directory) but at least helping the less experienced > admin could be a good idea. After all, I still remember the days when > I started using winbind and was ignorant about the importance of ID > mapping. > > Other maintainers, objections about a daily cron job for winbind to > backup this file ? > > Any ideas about other files important enough to be copied and waste > some space in /var/backups ? After thinking deeper, I think that it would indeed be a dangerous slope and something that the package cannot really handle well in place of the local admin's policy. So, finally, I won't go this way and I don't see the need to develop such script in the package. Gilles, I think this really belongs to the local admin duties...(s)he should know that ID mapping is critical and has to be backed up. signature.asc Description: Digital signature
Bug#473651: [Pkg-samba-maint] Bug#473651: [samba] Add a regular backup of .tdb files
Quoting Gilles Mocellin ([EMAIL PROTECTED]): > Package: samba > Version: 3.0.28a-1 > Severity: minor > > --- Please enter the report below this line. --- > I recently had a corrupted /var/lib/samba/winbind_idmap.tdb file. > It was not cool to recover. > > I saw a crontab file for (/etc/cron.daily/samba) which backups the smbpasswd > file. > > It could also make a tdbbackup of all files in /var/lib/samba > and /var/cache/samba. > > It's harmless. Can be run online. And really helpfull in case of corruption. Well, I agree that losing Winbind's ID mapping database is certainly not cool at all. I actually expect every experienced samba admin to backup that file and some others (I'd actually recommend backing up the entire /var/lib/samba directory) but at least helping the less experienced admin could be a good idea. After all, I still remember the days when I started using winbind and was ignorant about the importance of ID mapping. Other maintainers, objections about a daily cron job for winbind to backup this file ? Any ideas about other files important enough to be copied and waste some space in /var/backups ? signature.asc Description: Digital signature
Bug#473651: [samba] Add a regular backup of .tdb files
Package: samba Version: 3.0.28a-1 Severity: minor --- Please enter the report below this line. --- I recently had a corrupted /var/lib/samba/winbind_idmap.tdb file. It was not cool to recover. I saw a crontab file for (/etc/cron.daily/samba) which backups the smbpasswd file. It could also make a tdbbackup of all files in /var/lib/samba and /var/cache/samba. It's harmless. Can be run online. And really helpfull in case of corruption. --- System information. --- Architecture: amd64 Kernel: Linux 2.6.24-1-amd64 Debian Release: lenny/sid 600 unstableaptsrc 500 lenny 62.43.64.122 --- Package information. --- Depends (Version) | Installed ==-+- adduser| 3.107 debconf (>= 0.5) | 1.5.20 OR debconf-2.0| libacl1 (>= 2.2.11-1) | 2.2.45-1 libattr1 (>= 2.4.41-1) | 1:2.4.41-1 libc6 (>= 2.7-1) | 2.7-10 libcomerr2 (>= 1.33-3) | 1.40.8-2 libcupsys2 (>= 1.3.4) | 1.3.6-3 libgnutls26 (>= 2.2.0-0) | 2.2.2-1 libkrb53 (>= 1.6.dfsg.2) | 1.6.dfsg.3~beta1-4 libldap-2.4-2 (>= 2.4.7) | 2.4.7-6.1 libpam-modules | 0.99.7.1-6 libpam-runtime (>= 0.76-13.1) | 0.99.7.1-6 libpam0g (>= 0.99.7.1) | 0.99.7.1-6 libpopt0 (>= 1.10) | 1.10-3 logrotate | 3.7.1-3 lsb-base(>= 3.0-6) | 3.2-6 procps | 1:3.2.7-6 samba-common (= 3.0.28a-1) | 3.0.28a-1 update-inetd | 4.30 zlib1g | 1:1.2.3.3.dfsg-11 signature.asc Description: This is a digitally signed message part.