System Policy Problems

Luke Kenneth Casson Leighton lkcl at switchboard.net
Tue Feb 2 18:52:29 GMT 1999


On Tue, 2 Feb 1999, Jamie ffolliott wrote:

> > here are the relevant parts of the smb.conf
> >
> > [netlogon]
> >    comment = TAG DC Automatic Software Downloads
> >    preexec = exec /usr/local/samba/bin/smblogin.sh '%L' '%m' '%U'
> > '%G' '%a' '%T'
> >    path = /usr/local/samba/smb_logins
> >    writable = no
> >    guest ok = yes
> >    create mask = 0775
> >    browseable = yes
> 
> You'll need: "locking = no" for policies to work.  It's in the ntdom faq ;)
> 
> We also have "writable = yes" on our system so we can edit the logon script
> and default user profile from a desktop, but that shouldn't be necessary.

this is a security risk, you can have ordinary users creating scripts for
other users (including, say administrator).  bad idea.  if you must do
this, have "write users = xxxx" where xxxx is an admin.

luke



More information about the samba-ntdom mailing list