summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/security
diff options
context:
space:
mode:
authorJohn Terpstra <jht@samba.org>2005-10-20 21:16:38 +0000
committerGerald W. Carter <jerry@samba.org>2008-04-23 08:47:10 -0500
commit571e95fc594b97b6a3ac3b59c0f19e851e5dd455 (patch)
tree9f0bd585a16c1e9c917be7b97742f822997a0769 /docs/smbdotconf/security
parent736d8233feb6578350f668b2d7710abeb2cf1eb7 (diff)
downloadsamba-571e95fc594b97b6a3ac3b59c0f19e851e5dd455.tar.gz
samba-571e95fc594b97b6a3ac3b59c0f19e851e5dd455.tar.bz2
samba-571e95fc594b97b6a3ac3b59c0f19e851e5dd455.zip
Docscovering the rename user script from jmcd.
(This used to be commit b6a17f4f7cb76468343925db007f375e52c16c35)
Diffstat (limited to 'docs/smbdotconf/security')
-rw-r--r--docs/smbdotconf/security/renameuserscript.xml33
1 files changed, 33 insertions, 0 deletions
diff --git a/docs/smbdotconf/security/renameuserscript.xml b/docs/smbdotconf/security/renameuserscript.xml
new file mode 100644
index 0000000000..1ec1dcb6eb
--- /dev/null
+++ b/docs/smbdotconf/security/renameuserscript.xml
@@ -0,0 +1,33 @@
+<samba:parameter name="rename user script"
+ context="G"
+ advanced="1" developer="1"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This is the full pathname to a script that will be run as root by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.
+ </para>
+
+ <para>
+ When a user with admin authority or SeAddUserPrivilege rights renames a user (e.g.: from the NT4 User Manager
+ for Domains), this script will be run to rename the POSIX user. Two variables, <literal>%uold</literal> and
+ <literal>%unew</literal>, will be substituted with the old and new usernames, respectively. The script should
+ return 0 upon successful completion, and nonzero otherwise.
+ </para>
+
+ <note><para>
+ The script has all responsibility to rename all the necessary data that is accessible in this posix method.
+ This can mean different requirements for different backends. The tdbsam and smbpasswd backends will take care
+ of the contents of their respective files, so the script is responsible only for changing the POSIX username, and
+ other data that may required for your circumstances, such as home directory. Please also consider whether or
+ not you need to rename the actual home directories themselves. The ldapsam backend will not make any changes,
+ because of the potential issues with renaming the LDAP naming attribute. In this case the script is
+ responsible for changing the attribute that samba uses (uid) for locating users, as well as any data that
+ needs to change for other applications using the same directory.
+ </para></note>
+
+</description>
+
+<value type="default">no</value>
+</samba:parameter>