VS: Multiple SWAT admins
Andrew Bartlett
abartlet at samba.org
Mon Jun 10 02:55:01 GMT 2002
"Nieminen, Jooel" wrote:
>
> Surely would want that.
> actually, swat documentation on web does not say anything about this.
> I would allow domain admins or separately created swat admins group to
> use it.
There are good reasons not to - see below...
> jooel
>
> -----Alkuperäinen viesti-----
> Lähettäjä: Geoff Holden [mailto:geoff at cs.mun.ca]
> Lähetetty: 7. kesäkuuta 2002 0201
> Vastaanottaja: samba-technical at lists.samba.org
> Aihe: Multiple SWAT admins
>
> I'm wondering if anyone else out there would like users other than root to
> be able to configure samba through swat...
>
> I have some boxes with several admins, none of who get the root password
> (sudo is configured on the systems). Things like CUPS can take a a group to
> be given full access, I'd like to do the same for SWAT.
>
> Are there any reasons against doing this? (I've already patched my own to
> take a "swat admin group" or something in the smb.conf file, so I can post
> my patch here if requested.)
Any swat user is one 'root preexec' away from being root, so there is no
security benifit from doing this.
Other than that, I think the permissions are based on who can modify the
smb.conf file.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list