Make Admins be admin users
abartlet at samba.org
Wed Feb 19 21:01:48 GMT 2003
On Thu, 2003-02-20 at 00:17, Ken Cross wrote:
> Related to the "Allow chown of directories" patch, I added a hack where
> members of Admins, Domain Admins, or Enterprise Admins automatically
> become admin users. (This really saved a lot of headaches for admins.)
> Note that this sets conn->admin_user, but does *not* set uid to 0 or
> force_user -- those caused subtle problems.
> This applies to SAMBA_3_0.
This means that administrators in a 'trusted' domain (which means you
trust the domain to authenticate it's own users, not to administer your
server) has root on your box.
I suggest you use:
'admin users = @MYDOM\Domain Admins'
In you smb.conf instead.
We are going to get rid of 'sid_peek_rid' soon, as it allows this kind
of thing too easily - you simply don't know which domain...
(The sid_peek_check_rid() version makes sure you have to specify it up
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030220/c3c83d0e/attachment.bin
More information about the samba-technical