[Samba] Debugging Privilege and Samba 3.0.11

JLB jlb at twu.net
Fri Feb 25 19:21:41 GMT 2005 

I apologize for being so flippant and unhelpful (although in my defense,
I posted the links to the various password tools in order to -be- helpful.
They got me some major brownie points the other day when a client's
"network administrator" (a Windows-only user) was unaware of the existence
of either Snadboy's Revelation -or- the NT password-resetting boot disk
thingee (both of which she found highly useful and time-saving). Tools
like this are so handy!)

On Fri, 25 Feb 2005, Gerald (Jerry) Carter wrote:

> Date: Fri, 25 Feb 2005 12:55:13 -0600
> From: "Gerald (Jerry) Carter" <jerry at samba.org>
> To: JLB <jlb at twu.net>
> Cc: Thierry <Thierry at echotech.ch>, samba at lists.samba.org
> Subject: Re: [Samba] Debugging Privilege and Samba 3.0.11
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> JLB wrote:
> | On Fri, 25 Feb 2005, Thierry wrote:
> |
> |>Date: Fri, 25 Feb 2005 19:25:14 +0100
> |>From: Thierry <Thierry at echotech.ch>
> |>To: samba at lists.samba.org
> |>Subject: [Samba] Debugging Privilege and Samba 3.0.11
> |>
> |>Hello,
> |>
> |>I am striving to give out globally to our developers a way to debug
> |>their C++ applications, but I do not want to give them Admin rights on
> |>the individual workstations.
> |
> | You're foolish if you think anyone with local
> | access to a workstation can't get into the
> | Admin account on their local machine.
>
> WoW!   That was a really helpful response!
> And while correct, doesn't do anything to help
> the original poster.
>
> If I have an employee and I'll them I'm not
> going to give you admin access.  And then the
> hack the box using local physical access, i'll
> just fire them.  Problem solved.  No more physical
> access.
>
>
> The answer is that you create a domain group on
> the Samba server; add the users to that group,
> the assign that SID the SeDebugPrivilege right
> on the individual machines (not of the Samba DC).
> user rights are local to the machine on which they
> are assigned.
>
>
>
> cheers, jerry
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFCH3SRIR7qMdg1EfYRAisqAJsGDuFLYHhOUy0V745eTtqAhs/qKACg2J0F
> tZoLyWOlvj9P3RiiqIJcUNg=
> =M3kc
> -----END PGP SIGNATURE-----
>

--
J. L. Blank, Systems Administrator, twu.net

More information about the samba mailing list