summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-12-11 05:43:03 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:06:31 -0500
commitdca888e51eb97df60a3af6779b88cfa8d0e34996 (patch)
tree95bb1fb71486b24bd4452b108e4a0a758cb0ca50
parent6ca874f71ad77c82d6e161a3e4772100de2ad6c5 (diff)
downloadsamba-dca888e51eb97df60a3af6779b88cfa8d0e34996.tar.gz
samba-dca888e51eb97df60a3af6779b88cfa8d0e34996.tar.bz2
samba-dca888e51eb97df60a3af6779b88cfa8d0e34996.zip
r4148: add a default set of privileges to the core builtin accounts in the
sam. I decided to do it the simple way of making the privileges user attributes. w2k doesn't expose the privileges via LDAP, so we are free to store them in any way we like without breaking compatibility. (This used to be commit 5f29f4c3079be2fa54b94e08c829dadccc4d14c4)
-rw-r--r--source4/provision.ldif40
1 files changed, 39 insertions, 1 deletions
diff --git a/source4/provision.ldif b/source4/provision.ldif
index 6d370c72e4..65975d2b7d 100644
--- a/source4/provision.ldif
+++ b/source4/provision.ldif
@@ -258,6 +258,31 @@ groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
+privilege: SeSecurityPrivilege
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeTakeOwnershipPrivilege
+privilege: SeDebugPrivilege
+privilege: SeSystemEnvironmentPrivilege
+privilege: SeSystemProfilePrivilege
+privilege: SeProfileSingleProcessPrivilege
+privilege: SeIncreaseBasePriorityPrivilege
+privilege: SeLoadDriverPrivilege
+privilege: SeCreatePagefilePrivilege
+privilege: SeIncreaseQuotaPrivilege
+privilege: SeChangeNotifyPrivilege
+privilege: SeUndockPrivilege
+privilege: SeManageVolumePrivilege
+privilege: SeImpersonatePrivilege
+privilege: SeCreateGlobalPrivilege
+privilege: SeEnableDelegationPrivilege
+privilege: SeInteractiveLogonRight
+privilege: SeNetworkLogonRight
+privilege: SeRemoteInteractiveLogonRight
+
dn: CN=Users,CN=Builtin,${BASEDN}
objectClass: top
@@ -323,6 +348,9 @@ systemFlags: 0x8c000000
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+privilege: SeLoadDriverPrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
dn: CN=Backup Operators,CN=Builtin,${BASEDN}
objectClass: top
@@ -344,6 +372,10 @@ systemFlags: 0x8c000000
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
dn: CN=Replicator,CN=Builtin,${BASEDN}
objectClass: top
@@ -750,6 +782,12 @@ systemFlags: 0x8c000000
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
dn: CN=Account Operators,CN=Builtin,${BASEDN}
objectClass: top
@@ -771,6 +809,7 @@ systemFlags: 0x8c000000
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+privilege: SeInteractiveLogonRight
dn: CN=Templates,${BASEDN}
objectClass: top
@@ -864,4 +903,3 @@ cn: TemplateGroup
name: TemplateGroup
instanceType: 4
sAMAccountType: 0x10000000
-