Package: samba
Version: 3.0.14a-3
Severity: grave
Justification: causes non-serious data loss
When upgrading from Debian Woody (with Samba 2.x) to Debian Sarge (with
Samba 3.x), /var/lib/dpkg/info/samba.postinst attempts to convert the
smbpasswd database to the new TDB format, with the following commands:
umask 066
pdbedit -i smbpasswd -e tdbsam
rm /etc/samba/smbpasswd
umask 022
Unfortunately if the user accounts are provided by, eg, LDAP (or NIS, or
some other external password database), and that password database is
down (due, eg, to being in the process of upgrading from Debian Woody
to Debian Sarge...) then there will be a large number of errors reported
of the form:
build_sam_account: smbpasswd database is corrupt! username ewen with
uid 1024 is not in unix passwd database!
and the resulting TDB password database will contain few, if any, of
the original users because these are omitted since they're "missing"
(temporarily due to, eg, slapd being down).
samba.postinst then removes the original /etc/samba/smbpasswd file with
out making any backup copy or asking the user for permission to do so.
This prevents the administrator from rerunning the migration once the
LDAP/NIS/etc database has been restarted during the upgrade.
IMHO it is inexcusible to deliberately destroy the old version of the
password database simply on the assumption that the conversion command
"must" have worked. The old password database should be renamed to
something which makes it obvious that it is not used any longer (eg,
/etc/samba/smbpasswd.pre-migration-to-tdb), but left in place to allow
the administrator to recover from any issues that might occur.
It would also be an extrememly good idea to delay running the smbpasswd
conversion script until the end of the sequence of upgrades so that
there is the most chance that LDAP/NIS/etc will be functional again.
FWIW, the sole reason that I didn't mark this a critical bug was that,
fortunately, smbpasswd is backed up daily into /var/backups. So I
don't have to resort to last nights tape backup to recover from this
destructive postinst script.
Ewen
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.26-wavelength-amd-via
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages samba depends on:
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
ii libacl1 2.2.23-1 Access control list shared library
ii libattr1 2.4.16-1 Extended attribute shared library
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libcomerr2 1.37-2sarge1 common error description library
ii libcupsys2-gnutls10 1.1.23-10 Common UNIX Printing System(tm) -
ii libkrb53 1.3.6-2sarge2 MIT Kerberos runtime libraries
ii libldap2 2.1.30-8 OpenLDAP libraries
ii libpam-modules 0.76-22 Pluggable Authentication Modules f
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libpopt0 1.7-5 lib for parsing cmdline parameters
ii logrotate 3.7-5 Log rotation utility
ii netbase 4.21 Basic TCP/IP networking system
ii samba-common 3.0.14a-3 Samba common files used by both th
-- debconf information:
samba/nmbd_from_inetd:
* samba/run_mode: daemons
* samba/log_files_moved:
* samba/tdbsam: true
* samba/generate_smbpasswd: false
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
