Kevin Weslowski
2004-Apr-30 17:15 UTC
[Samba] Administering a Linux domain member in a NT domain, as a "Domain Admin"
Hello, After following the winbind-related steps in the SAMBA 3 howto, I was able to achieve console logins on the Linux workstation by any domain user; Great! Now, I've come to the issue of expecting that a "Domain Admin" should be able to administer the Linux workstation much like a "Domain Admin" administers a Windows workstation on a domain. I've seen several examples where the domain admin users are added to the "root" group for the Linux workstation; the problem is, that most files/commands on the (Fedora) Linux workstation are, by default, "usable" only by the root user and not by the root group; i.e. /etc/passwd has file permissions: -rw-r--r-- Therefore, the root user can write to it but the root group can't; One thing I thought of was to run a script that updates the system so that all files owned by root are changed so that the root group has the same permissions as the root user for that file...but I don't think that's a good solution because I'll probably have to run that script every time I install something new. Has anyone got suggestions/ideas/comments? Kevin
Tarjei Huse
2004-May-02 21:12 UTC
[Samba] Administering a Linux domain member in a NT domain, as a "Domain Admin"
> Now, I've come to the issue of expecting that a "Domain Admin" should be > able to administer the Linux workstation much like a "Domain Admin" > administers a Windows workstation on a domain. I've seen several > examples where the domain admin users are added to the "root" group for > the Linux workstation; the problem is, that most files/commands on the > (Fedora) Linux workstation are, by default, "usable" only by the root > user and not by the root group; i.e. > > One thing I thought of was to run a script that updates the system so > that all files owned by root are changed so that the root group has the > same permissions as the root user for that file...but I don't think > that's a good solution because I'll probably have to run that script > every time I install something new.No.> Has anyone got suggestions/ideas/comments?Well, this depends on what you want, but I suggest you look into sudo. It should be simple to set up and you get full loging of your actions as a nice bonus :-) Tarjei> > > Kevin