Group Memberships & ACL permissions?
Luke Kenneth Casson Leighton
lkcl at regent.push.net
Thu Apr 16 15:30:35 GMT 1998
On Fri, 17 Apr 1998, Gerald W. Carter wrote:
> > recommendations. My only guess right now is that users validated over
> > the PDC aren't getting to be members of the standard "users" group
> > (though "everyone" doesn't seem to be working right, either).
>
> See the domain admins parameter in smb.conf. By default the user is
> included in the user group I think.
correct.
they are excluded from users if they are in "domain guest users". they
are not excluded from users if they are in "domain admin users".
i think. haven't looked at that code for a while.
> I verified this by revoking the
> right to shut down a local workstation from "users" and "everyone". Was
> then unable to shut down the machine as a domain user. Gave the right
> back to "Users" and could shut it down again.
yep! this caught me out when i was developing the code. a quick hack,
and i didn't have to turn the machine off at the plug!
> > Also, if anyone has a good, general list of how permissions should be
> > set on the directories to make a realtively secure, Samba-authenticated
> > NT 4.0 installation, I would be most appreciative.
>
> I have a script I use to secure lab machines. It is constantly
> evolving, but I can send it to you directly if you wish. Don't want to
> post it directly to the list here due to space.
awww, spoil-sport, gerald :-)
More information about the samba-ntdom
mailing list