[Samba] securing root to administrator mapping
David.Bear at asu.edu
Thu May 19 18:21:25 GMT 2005
I'm just starting to convert to using samba 3 --. Untill now, my use
of samba has been pretty simple. I've not used it as a DC and I've use
passthrough auth.. I know some say its ugly (and it can be) but its
made my life easier most of the time.
Now I'm reading through the samba docs, howto's, etc and I am still
very uncomfortable mapping the windows Administrator account to root.
I know samba will need to change some things that only root can do. I
was hoping for something that I could do with sudo. Could I create and
account called 'joeAdmin', put him in sudoers, then put all the
commands that joeAdmin would need to run in the sudoers config? That
seems a more structure way to secure this.
Secondly, we have possibly more than one administrator account on a
machine. Can we map multiple windows user names to the root account in
I'm thinking something like this..
create a group
jAdminGroup, joeAdmin, JaneAdmin
jAdminGroup ALL=/passwordchatprograms/addprinterprograms NOPASSWD: ALL
then in smbusermap file
root = joeAdmin janeAdmin
Does this sound reasonable?
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
"Beware the IP portfolio, everyone will be suspect of trespassing"
More information about the samba