search for: unixadmin

...ld be grateful if you could share your thoughts. >> >> /Davor >> > > How about this: > > ssh into the DC, either as root or as a user that can use sudo (you > can use kerberos, but I am not going into that here) > > Create the group: > samba-tool group add unixadmins --gid-number=GID_NUMBER > --nis-domain=NIS_DOMAIN > > Add the group to Administrators: > samba-tool group addmembers Administrators unixadmins > > Add the required users to unixadmins, they should get the same rights > as if they were directly members of Administrators. >...

Howdy folks, I'm having an issue with sudo not recognizing nested groups via AD and winbind. I have an AD group called UnixAdmins and when I ad and AD account *directly* into this group, I am able to use sudo just fine as it is in the sudoers. *but* say I have a nested group in UnixAdmins like CustomerUsers or whatnot it won't recognize. Now, I also restrict access via pam.d systems-auth to UnixAdmins, so I know that par...

...gt;>>> >>>> >>> How about this: >>> >>> ssh into the DC, either as root or as a user that can use sudo (you can >>> use kerberos, but I am not going into that here) >>> >>> Create the group: >>> samba-tool group add unixadmins --gid-number=GID_NUMBER >>> --nis-domain=NIS_DOMAIN >>> >>> Add the group to Administrators: >>> samba-tool group addmembers Administrators unixadmins >>> >>> Add the required users to unixadmins, they should get the same rights as >>>...

.... >>> >>> /Davor >>> >>> >> How about this: >> >> ssh into the DC, either as root or as a user that can use sudo (you can >> use kerberos, but I am not going into that here) >> >> Create the group: >> samba-tool group add unixadmins --gid-number=GID_NUMBER >> --nis-domain=NIS_DOMAIN >> >> Add the group to Administrators: >> samba-tool group addmembers Administrators unixadmins >> >> Add the required users to unixadmins, they should get the same rights as >> if they were directly membe...

...>>> >>>>> ssh into the DC, either as root or as a user that can use sudo >>>>> (you can >>>>> use kerberos, but I am not going into that here) >>>>> >>>>> Create the group: >>>>> samba-tool group add unixadmins --gid-number=GID_NUMBER >>>>> --nis-domain=NIS_DOMAIN >>>>> >>>>> Add the group to Administrators: >>>>> samba-tool group addmembers Administrators unixadmins >>>>> >>>>> Add the required users to unixadmins,...

...gt; How about this: >>>> >>>> ssh into the DC, either as root or as a user that can use sudo (you >>>> can >>>> use kerberos, but I am not going into that here) >>>> >>>> Create the group: >>>> samba-tool group add unixadmins --gid-number=GID_NUMBER >>>> --nis-domain=NIS_DOMAIN >>>> >>>> Add the group to Administrators: >>>> samba-tool group addmembers Administrators unixadmins >>>> >>>> Add the required users to unixadmins, they should get the sam...

On 2015-10-29 09:52, Rowland Penny wrote: > On 29/10/15 08:34, Davor Vusir wrote: >> Hi all! >> >> We have got many delegations in our AD. To add a certain >> administrator group to the local Administrators group you can use GPO >> for Windowsservers. As Samba does not understand GPO I have initially >> used the "username map" feature to add a

...;>>> ssh into the DC, either as root or as a user that can use sudo >>>>>> (you can >>>>>> use kerberos, but I am not going into that here) >>>>>> >>>>>> Create the group: >>>>>> samba-tool group add unixadmins --gid-number=GID_NUMBER >>>>>> --nis-domain=NIS_DOMAIN >>>>>> >>>>>> Add the group to Administrators: >>>>>> samba-tool group addmembers Administrators unixadmins >>>>>> >>>>>> Add the requi...

...t way than what I have described. > > I would be grateful if you could share your thoughts. > > /Davor > How about this: ssh into the DC, either as root or as a user that can use sudo (you can use kerberos, but I am not going into that here) Create the group: samba-tool group add unixadmins --gid-number=GID_NUMBER --nis-domain=NIS_DOMAIN Add the group to Administrators: samba-tool group addmembers Administrators unixadmins Add the required users to unixadmins, they should get the same rights as if they were directly members of Administrators. samba-tool group addmembers unixadmin...

...managehome => true, } @ssh_authorized_key { "seph-2008": ensure => present, key => "...", type => "ssh-dss", name => "seph@macbook-2008", user => seph, } } class user::unixadmins inherits user::virtual { realize( User["seph"], ssh_authorized_key["seph-2008"], ) } node test { include user::unixadmins } I correctly get the user seph, but not the ssh authorized key. If I switch to a real ssh_authorized_key by removing the @...

...?H1", uid => "8050", comment => "Lucy Moore", gid => "100", home => "/home/lmoore", ensure => "present", shell => "/usr/bin/bash", managehome => true, } } # unixadmins.pp # # Realize the members of the Unix team and include any contractors class virtual_users::unixadmins inherits virtual_users::virtual { # Realize our team members realize( Group["users"], ) realize( User["lmoore"], ) } #init.pp #virtua...

...tting_up_a_Share_Using_POSIX_ACLs > > > # chmod 700 /u01/test > # chown root:root /u01/test > # setfacl -m group::--- /u01/test > # setfacl -m default:group::--- /u01/test > # setfacl -m other::--- /u01/test > # setfacl -m default:other::--- /u01/test > # setfacl -m group:unixadmins:rwx /u01/test > # setfacl -m default:group:unixadmins:rwx /u01/test > > > smb.conf > >  [test] >   comment = test >   path = /u01/test >   read only = No >   inherit acls = yes > > > Dale

...B (\Noselect) "/" "#shared/decs/pcadmin" * LSUB () "/" "#shared/decs/network" * LSUB (\Noselect) "/" "#shared/decs/printmaster" * LSUB () "/" "#shared/decs/postmaster" * LSUB (\Noselect) "/" "#shared/decs/unixadmin" * LSUB () "/" "#shared/decs/security" * LSUB (\Noselect) "/" "#shared/decs/webmaster" l OK Lsub completed. This only seems to happen when the acl plugin is enabled. Without the acl plugin, these are not listed as subscriptions. After deleting /egr/mai...

...it would be a pain to test the same situation with 1.1b3 again (although if needed, I can). If dovecot-shared exists in the folder I try to open, dovecot says: Oct 27 12:57:38 gribble dovecot: IMAP(mcdouga9): fchown() failed with file /home/mcdouga9/Maildir/dovecot11testing/public/indexes/decs/.unixadmin/dovecot.index.log: Operation not permitted Oct 27 12:57:38 gribble dovecot: child 55470 (imap) killed with signal 11 I am used to getting the first message because dovecot tries to apply perms from dovecot-shared to the index files which are elsewhere. If I open a public folder without doveco...

Hi Vincent, have you found a solution that makes "force directory mode = 2770" able to apply to new created folders ? I have a similar problem: if I set by hand (eg. chmod 2770) the folder A and then I try to create an X element into that folder through samba I get the result needed ( group of X become overriden from parent folder A ) but the problem is that the new element X not

...t;> >> >> # chmod 700 /u01/test >> # chown root:root /u01/test >> # setfacl -m group::--- /u01/test >> # setfacl -m default:group::--- /u01/test >> # setfacl -m other::--- /u01/test >> # setfacl -m default:other::--- /u01/test >> # setfacl -m group:unixadmins:rwx /u01/test >> # setfacl -m default:group:unixadmins:rwx /u01/test >> >> >> smb.conf >> >>  [test] >>   comment = test >>   path = /u01/test >>   read only = No >>   inherit acls = yes >> >> >> Dale >

...red/decs/network" * LIST (\HasNoChildren) "/" "#shared/decs/postmaster" * LIST (\HasNoChildren) "/" "#shared/decs/security" * LIST (\HasNoChildren) "/" "#shared/decs/jbossadmin" * LIST (\HasNoChildren) "/" "#shared/decs/unixadmin" truss shows: (null)() = 0 (0x0) gettimeofday({1193511545.540129},0x5b7f00) = 0 (0x0) gettimeofday({1193511545.540216},0x0) = 0 (0x0) kevent(6,{},0,{0x0,EVFILT_READ,0x0,0,0x1c,0x5b83c0},3,{9.999784000}) = 1 (0x1) gettimeofday({119351155...

...spec[last()]/host_group/command NOPASSWD: ALL", "set spec[last()]/host_group/command/runas_user ALL", ], } In that example, the command line looked like this: "set spec[last()]/host_group/command ALL", I added NOPASSWD: and it barfs with this message: err: //user::unixadmins/User::Virtual::Sudoer[joe]/Augeas[sudojoe]/ returns: change from need_to_run to 0 failed: Save failed with return code false The problem seems to be the colon '':'' since NOPASSWD:ALL also fails but this doesn''t error: "set spec[last()]/host_group/command NOPASSWD...

Hi all, I want to use puppet to distribute keys to multiple users. I wanted to do something like we have already: - define a key per real person - define groups containing several keys, people can be in multiple groups - deploy these groups of keys to specific users however it looks like the ssh_authorized_key resource ties a key and a user together so it looks like I fall at the first