Rowland Penny
2022-Jul-18 12:25 UTC
[Samba] Validity of "testparm --parameter-name" output on a non-zero exit code
On Mon, 2022-07-18 at 15:14 +0300, Slava Aseev via samba wrote:> Hello! > > I have a question about testparm (maybe a stupid question). > > testparm exits with 1 if any errors in smb.conf was detected. > Can this exit code be safely ignored if only the output of "testparm > --parameter-name" is needed? > > For example, in case of "testparm --suppress-prompt --parameter-name > 'usershare path'" we can check path from the output for existence, > so > checking the exit code doesn't seem so useful. However, I am not > entirely sure about this, maybe there is something what I missed. > > The whole problem is that there is a real case where I would like to > ignore the exit code: > > $ testparm --debuglevel=0 --suppress-prompt --verbose --parameter- > name 'usershare path' > Load smb config files from /etc/samba/smb.conf > Loaded services file OK. > Weak crypto is allowed > > ERROR: Do not use the 'sss' backend as the default idmap backend! > > /var/lib/samba/usershares > > $ echo $? > 1 > > but I'm not sure if I really should.The error seems to be pretty major, you appear to be using the 'sss' backend for the default '*' idmap backend and this isn't allowed. You are also using shares and the 'sss' backend only does authentication. I think you need to post your smb.conf and tell us why you are using sssd. Rowland
Slava Aseev
2022-Jul-18 17:50 UTC
[Samba] Validity of "testparm --parameter-name" output on a non-zero exit code
18.07.2022 15:25, Rowland Penny via samba ?????:> On Mon, 2022-07-18 at 15:14 +0300, Slava Aseev via samba wrote: >> Hello! >> >> I have a question about testparm (maybe a stupid question). >> >> testparm exits with 1 if any errors in smb.conf was detected. >> Can this exit code be safely ignored if only the output of "testparm >> --parameter-name" is needed? >> >> For example, in case of "testparm --suppress-prompt --parameter-name >> 'usershare path'" we can check path from the output for existence, >> so >> checking the exit code doesn't seem so useful. However, I am not >> entirely sure about this, maybe there is something what I missed. >> >> The whole problem is that there is a real case where I would like to >> ignore the exit code: >> >> $ testparm --debuglevel=0 --suppress-prompt --verbose --parameter- >> name 'usershare path' >> Load smb config files from /etc/samba/smb.conf >> Loaded services file OK. >> Weak crypto is allowed >> >> ERROR: Do not use the 'sss' backend as the default idmap backend! >> >> /var/lib/samba/usershares >> >> $ echo $? >> 1 >> >> but I'm not sure if I really should. > The error seems to be pretty major, you appear to be using the 'sss' > backend for the default '*' idmap backend and this isn't allowed. You > are also using shares and the 'sss' backend only does authentication. > > I think you need to post your smb.conf and tell us why you are using > sssd. > > RowlandThe question is not really about the error (in this case, it can be fixed by specifying tdb as the default backend, and sss for some <DOMAIN>). I will try to explain better. There is a samba file sharing plugin called kdenetwork-filesharing (a file properites plugin that allows to make directory shared in directory properties). At some point the plugin calls "testparm --parameter-name" to get the "usershare path" (to check/fix permissions on this path) and to get "passdb backend" (to try to add the user to database, if passdb backend is the tdbsam). In these cases the plugin is only interested in values (and their correctness), not in the correctness of whole smb.conf, and I really would not want to stop the plugin because of non-zero testparm exit code (because eventually the requested values are output to stdout!). In other words I would like "testparm --parameter-name" to behaves like "exit with failure if there is an error in requested parameter", but it behaves like "exit with failure if there is any error in the whole config". Hence the question: is it permissible to ignore the exit code of testparm in particular this case? Or is it worth playing it safe and not allowing output values if testparm returns a non-zero code? (perhaps I am worried too much) -- Best regards, Slava Aseev