svn commit: samba-docs r676 - in trunk/Samba3-HOWTO: .

jht at samba.org jht at samba.org
Wed Jun 22 07:01:30 GMT 2005 

Author: jht
Date: 2005-06-22 07:01:29 +0000 (Wed, 22 Jun 2005)
New Revision: 676

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=676

Log:
Relocating Privilege info.
Modified:
   trunk/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml
   trunk/Samba3-HOWTO/TOSHARG-TheNetCommand.xml


Changeset:
Modified: trunk/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml
===================================================================
--- trunk/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml	2005-06-22 06:55:33 UTC (rev 675)
+++ trunk/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml	2005-06-22 07:01:29 UTC (rev 676)
@@ -57,7 +57,7 @@
 <title>Rights Management Capabilities</title>
 
 <para>
-Samba 3.0.11 introduces support for the Windows privilege model.  This model
+Samba 3.0.11 introduced support for the Windows privilege model.  This model
 allows certain rights to be assigned to a user or group SID.  In order to enable
 this feature, <smbconfoption name="enable privileges">yes</smbconfoption>
 must be defined in the <smbconfsection name="global"/> section of the &smb.conf; file.
@@ -100,6 +100,18 @@
                                 <entry><para>SeDiskOperatorPrivilege</para></entry>
                                 <entry><para>Manage disk share</para></entry>
                         </row>
+                        <row>
+                                <entry><para>SeBackupPrivilege</para></entry>
+                                <entry><para>Back up files and directories</para></entry>
+                        </row>
+                        <row>
+                                <entry><para>SeRestorePrivilege</para></entry>
+                                <entry><para>Restore files and directories</para></entry>
+                        </row>
+                        <row>
+                                <entry><para>SeTakeOwnershipPrivilege</para></entry>
+                                <entry><para>Take ownership of files or other objects</para></entry>
+                        </row>
                 </tbody>
         </tgroup>
 </table>
@@ -249,6 +261,50 @@
 
 </sect2>
 
+<sect2>
+<title>Privileges Suppored by Windows 2000 Domain Controllers</title>
+
+<para>
+    For reference purposes, a Windows 2000 Domain Controller reports that it supports the following
+    privileges:
+<screen>
+         SeCreateTokenPrivilege  Create a token object
+  SeAssignPrimaryTokenPrivilege  Replace a process level token
+          SeLockMemoryPrivilege  Lock pages in memory
+       SeIncreaseQuotaPrivilege  Increase quotas
+      SeMachineAccountPrivilege  Add workstations to domain
+                 SeTcbPrivilege  Act as part of the operating system
+            SeSecurityPrivilege  Manage auditing and security log
+       SeTakeOwnershipPrivilege  Take ownership of files or other objects
+          SeLoadDriverPrivilege  Load and unload device drivers
+       SeSystemProfilePrivilege  Profile system performance
+          SeSystemtimePrivilege  Change the system time
+SeProfileSingleProcessPrivilege  Profile single process
+SeIncreaseBasePriorityPrivilege  Increase scheduling priority
+      SeCreatePagefilePrivilege  Create a pagefile
+     SeCreatePermanentPrivilege  Create permanent shared objects
+              SeBackupPrivilege  Back up files and directories
+             SeRestorePrivilege  Restore files and directories
+            SeShutdownPrivilege  Shut down the system
+               SeDebugPrivilege  Debug programs
+               SeAuditPrivilege  Generate security audits
+   SeSystemEnvironmentPrivilege  Modify firmware environment values
+        SeChangeNotifyPrivilege  Bypass traverse checking
+      SeRemoteShutdownPrivilege  Force shutdown from a remote system
+              SeUndockPrivilege  Remove computer from docking station
+           SeSyncAgentPrivilege  Synchronize directory service data
+    SeEnableDelegationPrivilege  Enable computer and user accounts to
+                                 be trusted for delegation
+        SeManageVolumePrivilege  Perform volume maintenance tasks
+         SeImpersonatePrivilege  Impersonate a client after authentication
+        SeCreateGlobalPrivilege  Create global objects
+</screen>
+    The Samba Team are implementing only those privileges that are logical and useful in the UNIX/Linux
+    envronment. Many of the Windows 200X/XP privileges have no direct equivalence in UNIX.
+    </para>
+
+</sect2>
+
 </sect1>
 
 <sect1>

Modified: trunk/Samba3-HOWTO/TOSHARG-TheNetCommand.xml
===================================================================
--- trunk/Samba3-HOWTO/TOSHARG-TheNetCommand.xml	2005-06-22 06:55:33 UTC (rev 675)
+++ trunk/Samba3-HOWTO/TOSHARG-TheNetCommand.xml	2005-06-22 07:01:29 UTC (rev 676)
@@ -880,45 +880,6 @@
 	</para>
 
 	<para>
-	For reference purposes, a Windows 2000 Domain Controller reports that it supports the following
-	privileges:
-<screen>
-         SeCreateTokenPrivilege  Create a token object
-  SeAssignPrimaryTokenPrivilege  Replace a process level token
-          SeLockMemoryPrivilege  Lock pages in memory
-       SeIncreaseQuotaPrivilege  Increase quotas
-      SeMachineAccountPrivilege  Add workstations to domain
-                 SeTcbPrivilege  Act as part of the operating system
-            SeSecurityPrivilege  Manage auditing and security log
-       SeTakeOwnershipPrivilege  Take ownership of files or other objects
-          SeLoadDriverPrivilege  Load and unload device drivers
-       SeSystemProfilePrivilege  Profile system performance
-          SeSystemtimePrivilege  Change the system time
-SeProfileSingleProcessPrivilege  Profile single process
-SeIncreaseBasePriorityPrivilege  Increase scheduling priority
-      SeCreatePagefilePrivilege  Create a pagefile
-     SeCreatePermanentPrivilege  Create permanent shared objects
-              SeBackupPrivilege  Back up files and directories
-             SeRestorePrivilege  Restore files and directories
-            SeShutdownPrivilege  Shut down the system
-               SeDebugPrivilege  Debug programs
-               SeAuditPrivilege  Generate security audits
-   SeSystemEnvironmentPrivilege  Modify firmware environment values
-        SeChangeNotifyPrivilege  Bypass traverse checking
-      SeRemoteShutdownPrivilege  Force shutdown from a remote system
-              SeUndockPrivilege  Remove computer from docking station
-           SeSyncAgentPrivilege  Synchronize directory service data
-    SeEnableDelegationPrivilege  Enable computer and user accounts to
-                                 be trusted for delegation
-        SeManageVolumePrivilege  Perform volume maintenance tasks
-         SeImpersonatePrivilege  Impersonate a client after authentication
-        SeCreateGlobalPrivilege  Create global objects
-</screen>
-	The Samba Team are implementing only those privileges that are logical and useful in the UNIX/Linux
-	envronment. Many of the Windows 200X/XP privileges have no direct equivalence in UNIX.
-	</para>
-
-	<para>
 	In this example, all rights are assigned to the <constant>Domain Admins</constant> group. This is a good
 	idea since members of this group are generally expected to be all-powerful. This assignment makes that
 	the reality:

More information about the samba-cvs mailing list