[Samba] Samba DC, Winbind, and Administrator Account

Nick Couchman nick.couchman at seakr.com
Mon Feb 8 17:30:30 UTC 2016


> On 08/02/16 00:07, Nick Couchman wrote:
>>>> So, my two questions are:
>>>> - How do I map the domain\administrator account to a UID other than 0.
>>> You don't really want to change this, it maps 'Administrator' to the
>>> Unix 'root' user and this allows the changing of ACLs etc.
>>>
>> Just because the Administrator user is a non-root user does not preclude it from
>> changing ACLs.  It may preclude it from forcibly changing ACLs on files that
>> account doesn't own, but this can be overcome at a share level using the "admin
>> users" parameter.
> 
> Well, yes, but then you will not be using the extended ACL support that
> windows does
> 
>>   I'd much rather the Windows Administrator *not* have any inherent elevated
>>   privileges on the Linux system just because it's mapped to UID 0.  I'd rather
>>   solve that another way.  But I'm a UNIX admin :-).
> 
> No, you are somebody that likes making life hard for yourself, on a DC,
> Administrator is hardcoded to '0'.
> 
> Rowland

Thanks for the info.  I'll deal with it this way, then.

==
This e-mail may contain SEAKR Engineering (SEAKR) Confidential and Proprietary Information. If this message is not intended for you, you are strictly prohibited from using this message, its contents or attachments in any way. If you have received this message in error, please delete the message from your mailbox. This e-mail may contain export-controlled material and should be handled accordingly.



More information about the samba mailing list