System Policy Problems
Jamie ffolliott
jmeff at engsoc.queensu.ca
Tue Feb 2 19:11:40 GMT 1999
> On Tue, 2 Feb 1999, Luke Kenneth Casson Leighton wrote:
> > We also have "writable = yes" on our system so we can edit the
> >logon script
> > and default user profile from a desktop, but that shouldn't be
> >necessary.
>
> this is a security risk, you can have ordinary users creating scripts for
> other users (including, say administrator). bad idea. if you must do
> this, have "write users = xxxx" where xxxx is an admin.
>
unix permissions don't allow users to write to that directory, but I see
your point.
will add "write list = uuuu, @gggg" (uuuu = an admin, gggg = an admin group)
to the netlogon share - thanks.
Jamie
More information about the samba-ntdom
mailing list