On Thu, 2003-02-20 at 00:17, Ken Cross wrote: > Related to the "Allow chown of directories" patch, I added a hack where > members of Admins, Domain Admins, or Enterprise Admins automatically > become admin users. (This really saved a lot of headaches for admins.) > > Note that this sets conn->admin_user, but does *not* set uid to 0 or > force_user -- those caused subtle problems. > > This applies to SAMBA_3_0.
This means that administrators in a 'trusted' domain (which means you trust the domain to authenticate it's own users, not to administer your server) has root on your box. I suggest you use: 'admin users = @MYDOM\Domain Admins' In you smb.conf instead. We are going to get rid of 'sid_peek_rid' soon, as it allows this kind of thing too easily - you simply don't know which domain... (The sid_peek_check_rid() version makes sure you have to specify it up front). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
