On Wed, Dec 07, 2005 at 06:59:47PM +0100, Christian Perrier wrote: > In #267606, Anand suggests providing a "better" smb.conf file as > default settings for the Debian package.
> However, in his patch, he included a controversial issue (defaulting > to encrypted passwords) and then all enhancements he proposed (such as > many options with nice comments) were "forgotten". > We probably have a few options here: > -say "the default smb.conf file is a small and simple compromise and > anyway the possible use cases are so many that we can't provide > something suited for everything" > That would mean closing the bug and voilĂ I don't think this is the right option. There is definitely room for improvement in the default smb.conf (see the recent passwd chat changes, for instance), and I think we should keep this on our radar. I just think we need to look at proposed changes one at a time, rather than all at once. It might even be best to clone a separate bug report from here for each suggested change, so that we can discuss with less confusion. > -apply Anand's suggested changes *as long as they don't change the > current default behaviour* > That would mean cleaning the patch from "bahviour changes" options > and apply it That seems to assume that the current defaults are necessarily correct, which I'm not sure they are. :) > -try to enhance the current file with a very complete file listing all > possible options, in a way similar to what are currently doing > packages like Squid > That would mean goind through all smb.conf options and *document* > them, hence duplicating smb.conf(5) No, I don't think that would make it a very good example at all. There are way too many options available that the vast majority of users should *never* touch. I think that any commented out examples that we include should be for settings that a user *is* likely to need to change. I also think that if there are defaults that should be changed, we should wherever possible include an upgrade path for users of existing Samba packages, either by changing the built-in default or by providing a config file upgrade path that the admin can opt into. BTW, looking over Anand's diff again, right off the bat I see a number of settings he's providing examples for which fall into the "never touch these" category: os level, local master, and preferred master. The enabling of connections from user: root is something that probably needs a good deal of discussion, as well -- AIUI, recent samba3 versions have new options that let non-root users do most of the administration that would have been done with the root account before, so we should check whether these cover everything so we don't have to allow root as a valid user. (This is related to the 'enable privileges = yes' suggested by Andrew Suffield in bug #320893, btw...) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
signature.asc
Description: Digital signature