Group Memberships & ACL permissions?

Luke Kenneth Casson Leighton lkcl at
Thu Apr 16 15:30:35 GMT 1998

On Fri, 17 Apr 1998, Gerald W. Carter wrote:

> > recommendations.  My only guess right now is that users validated over
> > the PDC aren't getting to be members of the standard "users" group
> > (though "everyone" doesn't seem to be working right, either).
> See the domain admins parameter in smb.conf.  By default the user is
> included in the user group I think.


they are excluded from users if they are in "domain guest users".  they
are not excluded from users if they are in "domain admin users". 

i think.  haven't looked at that code for a while.

>  I verified this by revoking the
> right to shut down a local workstation from "users" and "everyone".  Was
> then unable to shut down the machine as a domain user.  Gave the right
> back to "Users" and could shut it down again.

yep!  this caught me out when i was developing the code.  a quick hack,
and i didn't have to turn the machine off at the plug! 
> > Also, if anyone has a good, general list of how permissions should be
> > set on the directories to make a realtively secure, Samba-authenticated
> > NT 4.0 installation, I would be most appreciative.
> I have a script I use to secure lab machines.  It is constantly
> evolving, but I can send it to you directly if you wish.  Don't want to
> post it directly to the list here due to space.

awww, spoil-sport, gerald :-)

More information about the samba-ntdom mailing list