[Samba] nscd, ldap and the root/Administrator account
Tony Earnshaw
tonye at billy.demon.nl
Thu May 5 13:22:58 GMT 2005
tor, 05.05.2005 kl. 14.53 skrev Paul Gienger:
> >I don't recall what Samba version you're using, but if I recall
> >correctly, the only thing the root user was ever needed for, was joining
> >machines to a domain. Presumably because he had to write to restricted
> >files. From Samba 3.0.11 the privilege SeMachineAccountPrivilege can be
> >assigned to a mortal to do this, so root isn't necessary at all from
> >that version upward.
> >
> The account used to join machines had to be able to run the equivilent
> of 'useradd somemachine$'. Since the smbd process runs as the
> connecting user, you needed root or a root-like user. Then they allowed
> the smbd process to fork a root process with the priviledge seperation
> commands and voilla.
That would be it, thanks :)
--Tonni
--
Nothing sucksseeds like a pigeon without a beak ...
mail: tonye at billy.demon.nl
http://www.billy.demon.nl
They'll love us, won't they? They feed us, don't they? ...
More information about the samba
mailing list