Roland Hordos
2006-Oct-30 18:59 UTC
[Samba] Documentation Inconsistency - enable privileges
Hi,

In the 3.0.23c swat documentation, it indicates the default for "enable privileges" parameter is both yes and no. Does anyone know what the actual default is? Details below - relevant sections in CAPS.

Thank you.

Roland Hordos

enable privileges (G)

This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either net rpc rights or one of the Windows user and group manager tools. This parameter is DISABLED BY DEFAULT to prevent members of the Domain Admins group from being able to assign privileges to users or groups which can then result in certain smbd operations running as root that would normally run under the context of the connected user.

An example of how privileges can be used is to assign the right to join clients to a Samba controlled domain without providing root access to the server via smbd.

Please read the extended description provided in the Samba documentation.

DEFAULT: enable privileges = yes
John H Terpstra
2006-Oct-31 04:56 UTC
[Samba] Documentation Inconsistency - enable privileges
On Monday 30 October 2006 12:59, Roland Hordos wrote:
> Hi,
>
> In the 3.0.23c swat documentation, it indicates the default for "enable
> privileges" parameter is both yes and no. Does anyone know what the
> actual default is? Details below - relevant sections in CAPS.
>
> Thank you.
>
> Roland Hordos
>
>
> enable privileges (G)
>
> This parameter controls whether or not smbd will honor privileges
> assigned to specific SIDs via either net rpc rights or one of the
> Windows user and group manager tools. This parameter is DISABLED BY
> DEFAULT to prevent members of the Domain Admins group from being able to
> assign privileges to users or groups which can then result in certain
> smbd operations running as root that would normally run under the
> context of the connected user.
> An example of how privileges can be used is to assign the right to join
> clients to a Samba controlled domain without providing root access to
> the server via smbd.
> Please read the extended description provided in the Samba
> documentation.
> DEFAULT: enable privileges = yes

Thanks for pointing that out. It has been fixed in the master code tree. By default this parameter is enabled in all recent versions of Samba-3.0.

- John T.