[Samba] Administering a Linux domain member in a NT domain, as a "Domain Admin"

Kevin Weslowski kweslowski at mcnairbd.com
Fri Apr 30 17:15:08 GMT 2004



After following the winbind-related steps in the SAMBA 3 howto, I was
able to achieve console logins on the Linux workstation by any domain
user; Great!


Now, I've come to the issue of expecting that a "Domain Admin" should be
able to administer the Linux workstation much like a "Domain Admin"
administers a Windows workstation on a domain.  I've seen several
examples where the domain admin users are added to the "root" group for
the Linux workstation; the problem is, that most files/commands on the
(Fedora) Linux workstation are, by default, "usable" only by the root
user and not by the root group; i.e.


/etc/passwd has file permissions: -rw-r--r--


Therefore, the root user can write to it but the root group can't;


One thing I thought of was to run a script that updates the system so
that all files owned by root are changed so that the root group has the
same permissions as the root user for that file...but I don't think
that's a good solution because I'll probably have to run that script
every time I install something new.


Has anyone got suggestions/ideas/comments?



More information about the samba mailing list