Slashdot Mirror
Tridgell Taking Samba Beyond POSIX
dW writes "The Australian hacker has been working on pushing Samba beyond the POSIX world and figuring out what work needs to be done to get Samba to support new filesystems such as XFS, ext3, and Storage Tank. The answer is nothing less than a complete rewrite of Samba's smbd code, which has become his latest pet project. Here's an interview with Andrew Tridgell on his latest Samba rewrite."
Out of the datacenter market!
You think that I'm crazy, you should see this guy!
There's no support for ext3? I'm sharing out several partitions with ext3 file systems via samba right now. Maybe they meant some other type of "support".
Everyone is entitled to their own opinion. It's just that yours is stupid.
They way I'm reading this support for things like XFS/ext3 etc is that samba will implment things such as native ACL's and such like. However I can help but wonder how these will be preserved if say the server is XFS and the Client FAT. The only think I can think of is some sort of file which stores it as Metadata. Of course if it was XFS -> ext3 then you might be able to convert to the native setup but it might be buggy and subject to the filesystem formats changing
Rus
Cheap UK and US VPS
...only because I am on a windows-based network!
else I'll be using NFS which is a much better protocol in every area.
samba appears to support FFS with softupdates just ;)
fine so I'm cool.
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
I think he means that instead of Samba presenting itself as a legacy CIFS file server it should serve files to a client expecting other file systems. So you could run Samba on AIX and tell your Linux box it's an ext3 connection.
Or maybe it's because the user level file systems on plan9 have made too much of a mark on me.
open, close, read, write & walk baby, s'all you need
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Samba's existence is vastly important to the adoption by corporate management of perceived 'alternate' computing systems (i.e., Linux, Mac, sometimes Unix, as opposed to Windows) in the datacenter. The simple fact that there exists an easy-to-use, open source method of interconnecting disparate file systems, allowing multiple OS co-existance, is often the lynchpin in convincing managers to permit non-Windows systems to be deployed in a company. I have worked in several situations where employees have wanted to use Mac OSX desktops or Linux/Unix servers (etc.) in an all-Windows shop, and managers balked at the idea until they were convinced that data could still be exchanged, and that the 'alternative' OS'es could still 'talk' to the Windows machines.
With this established managerial behavior in mind, isn't it interesting that IBM would have hired Samba's creator outright, to work on a project which furthers Samba's ability to communicate with additional operating systems? Samba in many ways is a 'license to change' computers in a datacenter for IT staff. IBM has positioned itself to pump funding directly into the Samba project, as well as to have a say in which file systems it supports; this gives IBM the ability to write its own ticket in terms of promoting its disparate filesystem architectures' usage in the datacenter, alongside their Windows brethren.
Who's working on polishing up that ActiveDirectory and Kerberos stuff so I can continue to use my samba based PDC with WinXP.
It's neat that he's extending the SMB protocol to support some more of the native features of the underlying filesystems.
But I'd wager the lions share of it's user base want samba to replace/supplement Win2k Server, and soon Win2003.
This always happens in open source. Projects get pulled in a new direction before they're completed. Developers always want to work on neat stuff and get bogged down in the academics, and it doesnt produce a truly functional result.
There's nothing that can be done about it, it's his time, his decision. Still, it sure would be nice for samba to be a full member of a Windows 2000 domain.
I don't need no instructions to know how to rock!!!!
When I first read the headline, I thought that it said "Trogdor Taking Samba Beyond POSIX." I thought "Why would the burninator bother with this? Doesn't he have villages to burninate?" Yeah. I'll go ahead and read the article now...
The article was similar to Tridge's talk on the same subject at linux.conf.au in January - "towards full NTFS semantics in Samba."
The talk (in Ogg Speex audio format) and accompanying paper are on the linux.conf.au CD. There's a list of mirrors on their web site, both to mounted copies of the CD so you can download individual talks, and ISO images of the whole thing.
I was on Monday and Tuesday on SambaXP where Tridge had talk about Samba 4. Also we discussed possibility of having completely Windows-compatible (and NFS v4) compatible ACLs on standard fs like XFS and ext3. Result was that Samba team needs a kernel interface for this so I'm going to hire some summer students for this and I expect some working code on autumn.
I don't use SMB shares you insensitive clod!
What's that you say? this isn't a poll? d'oh!
I don't know what they're talking about, but if you compile XFS in, all the acls libs, and then compile Samba, you get something that you couldn't tell from Windows. Apart from the uptime, the speed, the security....
Get your own free personal location tracker
I wasn't aware that Windows supported a view of files where they had multiple forks.
I hated the concept of resource forks on Macs, and I hate this.
There can be only one perhaps?
You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
Cos AIX, Darwin, Linux, Digital Unix, HP-UX, Irix, MacOS X 10, Solaris, *BSD and Windows all have free client software...
So, by "majority of OSes"... Did you mean DOS?
Government of the people, by corporate executives, for corporate profits.
This is an interesting article.
I don't think the Samba team is well. At least not in the head anyways.
These guys look at some of the uglyest packets in the world. And they keep doing it. And they keep coming back for more. Ever hear Tridge talk about whats going on inside the SMB packets? Hes not too hard on MS in the large public forums but see what happens when you hand him a VB or 5 before a talk... then he will give it to you without the sugar coating... Were talking odd sized data structures that may or may not be little endian. Most of the time the structures are hiding inside other structures and the inner and outer structures will have different bitness and different world alignments. Nest a few levels for even more pain. And then repeat. This is what these guys do for FUN! This is why I'm concerned about them.
Now they want to tackle other stuff as well? Maybe they could just throw in Novell's stuff for grins. Once they have done that, they will win the all time award for being the most saito masicistic coders ever. No one will ever be able to beat them. Ever. Its not even worth attempting to compete with them.
A complete rewrite? WTF? I thought smart developers learned a long time ago that rewrites are almost always a waste of time.
There are many issues to be overcome when doing a complete rewrite. As a developer, I understand the desire to rewrite something from scratch to make it feel better. You feel like you are doing something to improve the system. However, this hardly ever happens. Most developers face serious burn-out issues when they rewrite something. It's fun at first but as you realize the magnitude of what you're trying to do, you quickly start to burn out before you are even close to finishing.
The thing is, even if you do manage to rewrite everything, there will STILL be issues. Hacks, special conditions, etc. All the same types of issues that made you feel bad about the original version will be present in the new version. They may take a different form, but they will still be there.
Successful systems tend to just continue off the old code. Rewrite the problem areas, add things that are needed, etc. That's how you make forward progress. In the end, the only thing that matters is that it works. It doesn't matter how crappy you feel about the code, if it works then people can and will use it.
It's not an impossible task, I just think it's not the smartest thing to do.
The ratio of people to cake is too big
Actually, no- I'd rather have cross-platform file locking. Correct me if things have changed since 2000 when samba and netatalk developers were "thinking" about this problem, but...
It is a HUGE problem that netatalk, Samba, NFS, and the system itself don't share common file-locking, and some file-based applications like Visual Source Safe(still used by many shops) -require- file locks be across all the shares; if you don't have it, you run a serious chance of screwing things up.
WinNT/Win2k with Services for Macintosh is the only server I know of capable of cross-platform locking, and that is pathetic...
Please help metamoderate.
Instead of trying to simply take advantage of extended attributes of various filesystems, what about taking Samba the same route as NFS and implement some kernel-level support? Replace the existing kerne smb code with samba-based client/server bits, similar to NFS; a mix of knfsd and usreland bits like portmap. This could eliminate the many layers that could crop up simply by trying to make the daemon-only version use various filesystem bits.
Don't convert the ENTIRE samba to kernelspace; that would be pointless for samba on other platforms. But development of a 'kernel plugin' allowing Samba lower-level access to filesystem bits might be beneficial.
(yes, I'm ignoring the potential security foo at the moment and realize it's another portal of potential exploit.. but instead of adding more abstraction layers to the system it might be nice to simply access those wanted features directly).
'fester
Many opensource projects started out trying to emulate some other protocol, then overtook it and grabbed the lead.. then the proprietary protocol had to follow.
Samba is in a similar position. I think there are improvements to be made, efficiency, authentication, virutualhosts?(multiple domains/workgroups/subnets with the same daemon), better filesystem support, changes in the protocol making it faster, more efficient and unbreakable etc.
If Andrew can release improvements to samba for say win9x, 2000 and xp, replacing some networking DLLS,or just replacing microsoft network client, samba can be in a real leader position. MS SMB code is deinitely buggy or just inefficient, even on one subnet with 8 hosts. Improve that, release the improvement as GPL, and people will flock to it. Best form of marketing of Linux I can think of. OSSphobics will have no way out.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
it's always spoken of in awe, but it's actually one of the big mistakes a software developer can make
I am so tired of applying security patches for system software... the latest double-double vulnerability of samba and sendmail were quite trying.
We keep hearing that the use of a language with bounds checking and a GC would solve a great many security problems. Is there any push towards such a platform?
I don't know much about Objective C, but it seems to be tight with gcc, g++, and g77. Does it have the needed security features?
At this point, I'd almost prefer that Samba was written in Java.
Smoke crack for baby jesus? ... I want my files now not next week when the JVM decides its done cleaning up after itself!
Objective-C isn't garbage-collected nor does it have built-in bounds checking. It wouldn't help in this situation. What we really need is to start developing everything in Ada!
I'm so tired of people pooh-poohing C because it can leak. C, when it is the right technology can outshine other platforms. The trick is to make sure you are choosing the right technology for the task. For Samba, C is pretty damn close to perfect.
Samba is supposed to be a cross platform networking technology. C is perfect for that because it is supported on nearly every system out there. Writing a program in C conforming to POSIX standards means that it will work 99.99997% of the platforms out there now.
Another reason why C is a good choice for Samba is because it can directly access memory. A lot of Samba is reading bytes off of this buffer and writing these bytes to that buffer. In a memory managed system you need to fight against the GC to make this work. It is also harder to write kernel parts in a language other than C.
As for Object C, it does not contain garbage collecting or stack protection. As for writing Samba in Java, you would have just as much success porting it to Perl instead and you will probably hit more platforms.
C isn't perfect. You can hang yourself easily with the language. However to say "C Sucks!" is a gross characterization. It definately has its place and it looks like Samba is one of them.
I'm still waiting for samba to fully support my windoze users and fully emulate a windows box 100%. a good example is printing support. I still cant deploy it to a network of windows boxes due to the lack of print queue management from windows workstation. They can print no problem, but god help them if they need to cancel that 200 page document. So far it cant seem to be done from the workstation. The workstation print queue shows the print jobs, but gives errors about not being able to connect to the server queue.
C is for programmers who do not need someone to hold their hands. Garbage collection is nice, garbage collection can be useful. But when you are programming low level things, it just gets in the way. C is designed for low level things.
Life sucks, but death doesn't put out at all....
--Thomas J. Kopp
No, having a root account is not a great failure of POSIX. The great failure is in irresponsibly using the root account like most Linux systems do.
There are far too many things on a Linux system that require root access. Adding ACLs is only have the battle, the other battle is using them responsibly.
However, even without ACLs you can use tools like sudo to avoid passing out the one true root password, or even avoid having a usable root account at all, except through sudo.
Basically, there's a number of things that your typical Linux system does not do that could be done to improve security and accountability.
ok... you're completely wrong about NFS and security.
/RPC/ to provide the security. The mechanics of authentication or securing the RPC transport just are plain not in the remit of NFS.
/mandatory/, which linux 2.5 has support for (not sure though whether all the userspace support is there yet). So 2.6 will hopefully at last support high-strength secure authentication for RPC (and hence for NFS v2,3 and 4) via the AUTH_GSS rpc_sec auth mechanism.
a -nfsd-auth/paper/node2.html
/not/ its fault.
It does not rely on hostnames for security, it does not rely on trusting the client to authenticate the user. NFS in fact relies solely on
Sun RPC in fact can be quite secure. There are various security mechanisms it can employ, and the problems you're just describing are all with one specific mechanism: auth_unix. It just happens to be the most commonly used one, and the only one supported on linux. However, if you use Solaris or OpenBSD there are other mechanisms available, eg auth_dh (public key based i think), auth_kerb (kerberosv4 - was secure, but flaws are known) or auth_gss (Most recent mechanism: Generic Security API / Kerberos V5 typically - which can be quite secure.).
The problem is that auth_unix is the easy option, and the only one that is guaranteed to be implemented by RPC. However, thankfully, with NFSv4 this will change as it makes support for AUTH_GSS and
See:
http://www.cse.unsw.edu.au/~neilb/conf/lca2002/lc
and the rpc and rpc_secure (if your system supports it) man pages for more info on RPC security.
Anyway, stop blaming NFS for things that are
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.
FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.
Let's keep to the facts and look at the numbers.
OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
Fact: *BSD is dying
Much of the most secure software around is written in C. Look at OpenBSD or qmail or djbdns. The problem is not the language, the problem is the skill of the programmer. C makes good programmers better, and bad programmers worse.
:)
And yes, bounds-checking and GC are nice for a lot of things. And they do make it much easier for a mediocre or average (or even a good) programmer to write safe, reasonably secure code. The problem is the overhead. For a lot of things, that doesn't matter, and for a lot of things, I firmly advocate the use of higher level languages (don't care if it's lisp or python or whatever). But for some things, like basic kernel and networking features, where performance can be critical, it very much does matter. So our only hope is to get stuff from programmers who have proven themselves to be able to write solid, secure, fast code. That means, e.g. dump the damn sendmail and install postfix or qmail. And as for samba, well, just get rid of windows from your site, and it'll cease to be an issue. And in the mean time, remind yourself that it's still a lot more secure than anything you've seen from MS so far...
Yeah, but can i diskless netboot it?
If your desktops are XP, disable the firewall (which by default blocks ports 137-139). This affects you even with WinNT4.0 on the server-side
If this problem is not specific to XP machines, then either
1)Your authentication is stuffed
2)Your print commands in your smb.conf file are wrong.
samba+cups rock for serving printers!
The soomer the yanks fuck off out of Europe the better. They're getting more unpopular by the day. Some yank was crossing the railway bridge on yapping on his mobile phone and I shouted "Oi! Yank" and he turned round and he walked to wards me. I punched him in the face and kicked him on the deck, then I threw his bag and phone onto the railway line. Yank cunts.