svn commit: samba r4579 - in branches/SAMBA_3_0/source: auth
rpc_server
Gerald (Jerry) Carter
jerry at samba.org
Fri Jan 7 03:12:58 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Simo Sorce wrote:
| I've already achieved this result the "proper" way by
| adding a privilege infrastructure in trunk.
| he patch has been long in production and works very
| well, plus it make you possible to selectively give
| the "join the machine to the domain" privilege with
| out the need to give away full control on the client.
|
| The patch is not big, and sets up an infrastructure
| to add more privileges (think of printing related
| privileges).
|
| Would you considering adding that instead of this hack ?
no. I already looked. I've spent several days backporting the
privileges code. Its just a little too heavy right now.
This is a simple solution to do what was needed (join machines
to the domain). The other use would be as a replacement for
printer admins. This will be an implicit right assigned
to the 'print operators' group.
You can add the privileges code in Samba 4 of if we need
it in Samba 3, this change is a forward compatible solution.
All you would have to do is to add the domain admins group to the
correct priv. But I really don't think we need all of those
privs. anyways (e.g. 'act as part of the operating system"?)
I knew you would be upset but the privileges code adds
unneeded complexity at this moment. And I know you'll
probably hate me, but I'll buy you dinner next time
we get together to make up for it.
Sorry. I did look at it but chose not to use it.
Can you give me other examples of where
using privileges would be helpful other than
joining machines to a domain, replacing printer admin,
or the backup right assigned to 'backup operators' ?
cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB3f46IR7qMdg1EfYRAjieAJ95tX6GyWkPGWGJF5XdbBcDDnRpRgCg0Eo+
vd8YkiZnGyGwyTqN9jl2O7w=
=wt0I
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list