[Samba] Samba DC, Winbind, and Administrator Account
Rowland penny
rpenny at samba.org
Mon Feb 8 08:51:59 UTC 2016
On 08/02/16 00:07, Nick Couchman wrote:
>>> So, my two questions are:
>>> - How do I map the domain\administrator account to a UID other than 0.
>> You don't really want to change this, it maps 'Administrator' to the
>> Unix 'root' user and this allows the changing of ACLs etc.
>>
> Just because the Administrator user is a non-root user does not preclude it from changing ACLs. It may preclude it from forcibly changing ACLs on files that account doesn't own, but this can be overcome at a share level using the "admin users" parameter.
Well, yes, but then you will not be using the extended ACL support that
windows does
> I'd much rather the Windows Administrator *not* have any inherent elevated privileges on the Linux system just because it's mapped to UID 0. I'd rather solve that another way. But I'm a UNIX admin :-).
No, you are somebody that likes making life hard for yourself, on a DC,
Administrator is hardcoded to '0'.
Rowland
More information about the samba
mailing list