svn commit: samba r4579 - in branches/SAMBA_3_0/source: auth rpc_server

Gerald (Jerry) Carter jerry at samba.org
Fri Jan 7 03:12:58 GMT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Simo Sorce wrote:

| I've already achieved this result the "proper" way by
| adding a privilege infrastructure in trunk.
| he patch has been long in production and works very
| well, plus it make you possible to selectively give
| the "join the machine to the domain" privilege with
| out the need to give away full control on the client.
|
| The patch is not big, and sets up an infrastructure
| to add more privileges (think of printing related
| privileges).
|
| Would you considering adding that instead of this hack ?

no.  I already looked.  I've spent several days backporting the
privileges code.  Its just a little too heavy right now.
This is a simple solution to do what was needed (join machines
to the domain).  The other use would be as a replacement for
printer admins.  This will be an implicit right assigned
to the 'print operators' group.

You can add the privileges code in Samba 4 of if we need
it in Samba 3, this change is a forward compatible solution.
All you would have to do is to add the domain admins group to the
correct priv.  But I really don't think we need all of those
privs. anyways (e.g. 'act as part of the operating system"?)

I knew you would be upset but the privileges code adds
unneeded complexity at this moment.  And I know you'll
probably hate me, but I'll buy you dinner next time
we get together to make up for it.

Sorry.  I did look at it but chose not to use it.

Can you give me other examples of where
using privileges would be helpful other than
joining machines to a domain, replacing printer admin,
or the backup right assigned to 'backup operators' ?





cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB3f46IR7qMdg1EfYRAjieAJ95tX6GyWkPGWGJF5XdbBcDDnRpRgCg0Eo+
vd8YkiZnGyGwyTqN9jl2O7w=
=wt0I
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list