[Samba] Samba DC, Winbind, and Administrator Account

Rowland penny rpenny at samba.org
Mon Feb 8 08:51:59 UTC 2016

On 08/02/16 00:07, Nick Couchman wrote:
>>> So, my two questions are:
>>> - How do I map the domain\administrator account to a UID other than 0.
>> You don't really want to change this, it maps 'Administrator' to the
>> Unix 'root' user and this allows the changing of ACLs etc.
> Just because the Administrator user is a non-root user does not preclude it from changing ACLs.  It may preclude it from forcibly changing ACLs on files that account doesn't own, but this can be overcome at a share level using the "admin users" parameter.

Well, yes, but then you will not be using the extended ACL support that 
windows does

>   I'd much rather the Windows Administrator *not* have any inherent elevated privileges on the Linux system just because it's mapped to UID 0.  I'd rather solve that another way.  But I'm a UNIX admin :-).

No, you are somebody that likes making life hard for yourself, on a DC, 
Administrator is hardcoded to '0'.


More information about the samba mailing list