[Samba] Administering a Linux domain member in a NT domain, as a "Domain Admin"

[Kevin Weslowski]

Hello,

 

After following the winbind-related steps in the SAMBA 3 howto, I was
able to achieve console logins on the Linux workstation by any domain
user; Great!

 

Now, I've come to the issue of expecting that a "Domain Admin" should be
able to administer the Linux workstation much like a "Domain Admin"
administers a Windows workstation on a domain.  I've seen several
examples where the domain admin users are added to the "root" group for
the Linux workstation; the problem is, that most files/commands on the
(Fedora) Linux workstation are, by default, "usable" only by the root
user and not by the root group; i.e.

 

/etc/passwd has file permissions: -rw-r--r--

 

Therefore, the root user can write to it but the root group can't;

 

One thing I thought of was to run a script that updates the system so
that all files owned by root are changed so that the root group has the
same permissions as the root user for that file...but I don't think
that's a good solution because I'll probably have to run that script
every time I install something new.

 

Has anyone got suggestions/ideas/comments?

 

Kevin