[Samba] Allowing Domain Admins root access
rory.browne at gmail.com
Tue Oct 3 14:24:54 GMT 2006
I don't know all that much about samba ( which is one of the main reasons
I'm on this list - to learn more ) but if you can get all your windows
domain admins that you want to have root access on unix into a single group,
then you can assign sudo privilages to that group. If you use solaris, you
may be able to achieve something similar with rbac.
Let me advise caution in this however. Just because someone is a competant
windows admin doesn't necessarly mean that this competance will transfer
into their Unix activities. Ask them the purpose of the chown command and
the /etc/nsswitch.conf file, or something similar(at the very VERY least)
before granting them root access.
It's generally preferable to have your adminstraters ordinary user accounts
in the wheel group as opposed to the root group. The root group should
really only have the root user in it.
More information about the samba