svn commit: samba-docs r676 - in trunk/Samba3-HOWTO: .
jht at samba.org
jht at samba.org
Wed Jun 22 07:01:30 GMT 2005
Author: jht
Date: 2005-06-22 07:01:29 +0000 (Wed, 22 Jun 2005)
New Revision: 676
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=676
Log:
Relocating Privilege info.
Modified:
trunk/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml
trunk/Samba3-HOWTO/TOSHARG-TheNetCommand.xml
Changeset:
Modified: trunk/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml
===================================================================
--- trunk/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml 2005-06-22 06:55:33 UTC (rev 675)
+++ trunk/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml 2005-06-22 07:01:29 UTC (rev 676)
@@ -57,7 +57,7 @@
<title>Rights Management Capabilities</title>
<para>
-Samba 3.0.11 introduces support for the Windows privilege model. This model
+Samba 3.0.11 introduced support for the Windows privilege model. This model
allows certain rights to be assigned to a user or group SID. In order to enable
this feature, <smbconfoption name="enable privileges">yes</smbconfoption>
must be defined in the <smbconfsection name="global"/> section of the &smb.conf; file.
@@ -100,6 +100,18 @@
<entry><para>SeDiskOperatorPrivilege</para></entry>
<entry><para>Manage disk share</para></entry>
</row>
+ <row>
+ <entry><para>SeBackupPrivilege</para></entry>
+ <entry><para>Back up files and directories</para></entry>
+ </row>
+ <row>
+ <entry><para>SeRestorePrivilege</para></entry>
+ <entry><para>Restore files and directories</para></entry>
+ </row>
+ <row>
+ <entry><para>SeTakeOwnershipPrivilege</para></entry>
+ <entry><para>Take ownership of files or other objects</para></entry>
+ </row>
</tbody>
</tgroup>
</table>
@@ -249,6 +261,50 @@
</sect2>
+<sect2>
+<title>Privileges Suppored by Windows 2000 Domain Controllers</title>
+
+<para>
+ For reference purposes, a Windows 2000 Domain Controller reports that it supports the following
+ privileges:
+<screen>
+ SeCreateTokenPrivilege Create a token object
+ SeAssignPrimaryTokenPrivilege Replace a process level token
+ SeLockMemoryPrivilege Lock pages in memory
+ SeIncreaseQuotaPrivilege Increase quotas
+ SeMachineAccountPrivilege Add workstations to domain
+ SeTcbPrivilege Act as part of the operating system
+ SeSecurityPrivilege Manage auditing and security log
+ SeTakeOwnershipPrivilege Take ownership of files or other objects
+ SeLoadDriverPrivilege Load and unload device drivers
+ SeSystemProfilePrivilege Profile system performance
+ SeSystemtimePrivilege Change the system time
+SeProfileSingleProcessPrivilege Profile single process
+SeIncreaseBasePriorityPrivilege Increase scheduling priority
+ SeCreatePagefilePrivilege Create a pagefile
+ SeCreatePermanentPrivilege Create permanent shared objects
+ SeBackupPrivilege Back up files and directories
+ SeRestorePrivilege Restore files and directories
+ SeShutdownPrivilege Shut down the system
+ SeDebugPrivilege Debug programs
+ SeAuditPrivilege Generate security audits
+ SeSystemEnvironmentPrivilege Modify firmware environment values
+ SeChangeNotifyPrivilege Bypass traverse checking
+ SeRemoteShutdownPrivilege Force shutdown from a remote system
+ SeUndockPrivilege Remove computer from docking station
+ SeSyncAgentPrivilege Synchronize directory service data
+ SeEnableDelegationPrivilege Enable computer and user accounts to
+ be trusted for delegation
+ SeManageVolumePrivilege Perform volume maintenance tasks
+ SeImpersonatePrivilege Impersonate a client after authentication
+ SeCreateGlobalPrivilege Create global objects
+</screen>
+ The Samba Team are implementing only those privileges that are logical and useful in the UNIX/Linux
+ envronment. Many of the Windows 200X/XP privileges have no direct equivalence in UNIX.
+ </para>
+
+</sect2>
+
</sect1>
<sect1>
Modified: trunk/Samba3-HOWTO/TOSHARG-TheNetCommand.xml
===================================================================
--- trunk/Samba3-HOWTO/TOSHARG-TheNetCommand.xml 2005-06-22 06:55:33 UTC (rev 675)
+++ trunk/Samba3-HOWTO/TOSHARG-TheNetCommand.xml 2005-06-22 07:01:29 UTC (rev 676)
@@ -880,45 +880,6 @@
</para>
<para>
- For reference purposes, a Windows 2000 Domain Controller reports that it supports the following
- privileges:
-<screen>
- SeCreateTokenPrivilege Create a token object
- SeAssignPrimaryTokenPrivilege Replace a process level token
- SeLockMemoryPrivilege Lock pages in memory
- SeIncreaseQuotaPrivilege Increase quotas
- SeMachineAccountPrivilege Add workstations to domain
- SeTcbPrivilege Act as part of the operating system
- SeSecurityPrivilege Manage auditing and security log
- SeTakeOwnershipPrivilege Take ownership of files or other objects
- SeLoadDriverPrivilege Load and unload device drivers
- SeSystemProfilePrivilege Profile system performance
- SeSystemtimePrivilege Change the system time
-SeProfileSingleProcessPrivilege Profile single process
-SeIncreaseBasePriorityPrivilege Increase scheduling priority
- SeCreatePagefilePrivilege Create a pagefile
- SeCreatePermanentPrivilege Create permanent shared objects
- SeBackupPrivilege Back up files and directories
- SeRestorePrivilege Restore files and directories
- SeShutdownPrivilege Shut down the system
- SeDebugPrivilege Debug programs
- SeAuditPrivilege Generate security audits
- SeSystemEnvironmentPrivilege Modify firmware environment values
- SeChangeNotifyPrivilege Bypass traverse checking
- SeRemoteShutdownPrivilege Force shutdown from a remote system
- SeUndockPrivilege Remove computer from docking station
- SeSyncAgentPrivilege Synchronize directory service data
- SeEnableDelegationPrivilege Enable computer and user accounts to
- be trusted for delegation
- SeManageVolumePrivilege Perform volume maintenance tasks
- SeImpersonatePrivilege Impersonate a client after authentication
- SeCreateGlobalPrivilege Create global objects
-</screen>
- The Samba Team are implementing only those privileges that are logical and useful in the UNIX/Linux
- envronment. Many of the Windows 200X/XP privileges have no direct equivalence in UNIX.
- </para>
-
- <para>
In this example, all rights are assigned to the <constant>Domain Admins</constant> group. This is a good
idea since members of this group are generally expected to be all-powerful. This assignment makes that
the reality:
More information about the samba-cvs
mailing list