[Samba] Debugging Privilege and Samba 3.0.11

Gerald (Jerry) Carter jerry at samba.org
Fri Feb 25 18:55:13 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

JLB wrote:
| On Fri, 25 Feb 2005, Thierry wrote:
|
|>Date: Fri, 25 Feb 2005 19:25:14 +0100
|>From: Thierry <Thierry at echotech.ch>
|>To: samba at lists.samba.org
|>Subject: [Samba] Debugging Privilege and Samba 3.0.11
|>
|>Hello,
|>
|>I am striving to give out globally to our developers a way to debug
|>their C++ applications, but I do not want to give them Admin rights on
|>the individual workstations.
|
| You're foolish if you think anyone with local
| access to a workstation can't get into the
| Admin account on their local machine.

WoW!   That was a really helpful response!
And while correct, doesn't do anything to help
the original poster.

If I have an employee and I'll them I'm not
going to give you admin access.  And then the
hack the box using local physical access, i'll
just fire them.  Problem solved.  No more physical
access.


The answer is that you create a domain group on
the Samba server; add the users to that group,
the assign that SID the SeDebugPrivilege right
on the individual machines (not of the Samba DC).
user rights are local to the machine on which they
are assigned.



cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCH3SRIR7qMdg1EfYRAisqAJsGDuFLYHhOUy0V745eTtqAhs/qKACg2J0F
tZoLyWOlvj9P3RiiqIJcUNg=
=M3kc
-----END PGP SIGNATURE-----


More information about the samba mailing list