diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-12-11 05:43:03 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:06:31 -0500 |
commit | dca888e51eb97df60a3af6779b88cfa8d0e34996 (patch) | |
tree | 95bb1fb71486b24bd4452b108e4a0a758cb0ca50 | |
parent | 6ca874f71ad77c82d6e161a3e4772100de2ad6c5 (diff) | |
download | samba-dca888e51eb97df60a3af6779b88cfa8d0e34996.tar.gz samba-dca888e51eb97df60a3af6779b88cfa8d0e34996.tar.bz2 samba-dca888e51eb97df60a3af6779b88cfa8d0e34996.zip |
r4148: add a default set of privileges to the core builtin accounts in the
sam. I decided to do it the simple way of making the privileges user
attributes. w2k doesn't expose the privileges via LDAP, so we are free
to store them in any way we like without breaking compatibility.
(This used to be commit 5f29f4c3079be2fa54b94e08c829dadccc4d14c4)
-rw-r--r-- | source4/provision.ldif | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/source4/provision.ldif b/source4/provision.ldif index 6d370c72e4..65975d2b7d 100644 --- a/source4/provision.ldif +++ b/source4/provision.ldif @@ -258,6 +258,31 @@ groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${WHEEL} +privilege: SeSecurityPrivilege +privilege: SeBackupPrivilege +privilege: SeRestorePrivilege +privilege: SeSystemtimePrivilege +privilege: SeShutdownPrivilege +privilege: SeRemoteShutdownPrivilege +privilege: SeTakeOwnershipPrivilege +privilege: SeDebugPrivilege +privilege: SeSystemEnvironmentPrivilege +privilege: SeSystemProfilePrivilege +privilege: SeProfileSingleProcessPrivilege +privilege: SeIncreaseBasePriorityPrivilege +privilege: SeLoadDriverPrivilege +privilege: SeCreatePagefilePrivilege +privilege: SeIncreaseQuotaPrivilege +privilege: SeChangeNotifyPrivilege +privilege: SeUndockPrivilege +privilege: SeManageVolumePrivilege +privilege: SeImpersonatePrivilege +privilege: SeCreateGlobalPrivilege +privilege: SeEnableDelegationPrivilege +privilege: SeInteractiveLogonRight +privilege: SeNetworkLogonRight +privilege: SeRemoteInteractiveLogonRight + dn: CN=Users,CN=Builtin,${BASEDN} objectClass: top @@ -323,6 +348,9 @@ systemFlags: 0x8c000000 groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE +privilege: SeLoadDriverPrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight dn: CN=Backup Operators,CN=Builtin,${BASEDN} objectClass: top @@ -344,6 +372,10 @@ systemFlags: 0x8c000000 groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE +privilege: SeBackupPrivilege +privilege: SeRestorePrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight dn: CN=Replicator,CN=Builtin,${BASEDN} objectClass: top @@ -750,6 +782,12 @@ systemFlags: 0x8c000000 groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE +privilege: SeBackupPrivilege +privilege: SeSystemtimePrivilege +privilege: SeRemoteShutdownPrivilege +privilege: SeRestorePrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight dn: CN=Account Operators,CN=Builtin,${BASEDN} objectClass: top @@ -771,6 +809,7 @@ systemFlags: 0x8c000000 groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE +privilege: SeInteractiveLogonRight dn: CN=Templates,${BASEDN} objectClass: top @@ -864,4 +903,3 @@ cn: TemplateGroup name: TemplateGroup instanceType: 4 sAMAccountType: 0x10000000 - |