svn commit: samba r6008 - in trunk/source/rpc_server: .
Simo Sorce
idra at samba.org
Wed Mar 23 22:41:53 GMT 2005
On Wed, 2005-03-23 at 16:35 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Simo Sorce wrote:
>
> |>You can comment it out, but don't revert it - I don't want to
> |>forget this.
> |
> | Ok, I already have some other fixes coming down the pipe,
> | it's just that Jerry (on IRC) asked to NOT add privileges yet :-)
>
> ok. Simo caught me before I had read any commit messages.
> I don't want to start adding new privileges willie-nillie
> because it will get unmanageable before too long.
I agree.
> I would rather change the check to if (a) is root, or
> (b) enable privileges = yes and is a member of domain admins.
> Very similar to the check for creating domain trust accounts.
Yes, I'll change that.
> The SeDIskOperatorPrivilege should be reserved for managing
> file share ACLs and smb.conf definitions.
Agree, I'm trying to determine witch privilege is needed, Power Users
can manage connections as administrators, normal users seem not able to
get any info at all from a NT4 to W2K server, so we may already be
giving ou more informations than a normal w2k server do.
> Sounds like an acceptable solution ?
Yes.
Simo.
--
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it
More information about the samba-technical
mailing list