diff options
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml | 58 | ||||
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml | 39 |
2 files changed, 57 insertions, 40 deletions
diff --git a/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml b/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml index 15a963943b..be83542129 100644 --- a/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml +++ b/docs/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml @@ -57,7 +57,7 @@ access to the UNIX host system. <title>Rights Management Capabilities</title> <para> -Samba 3.0.11 introduces support for the Windows privilege model. This model +Samba 3.0.11 introduced support for the Windows privilege model. This model allows certain rights to be assigned to a user or group SID. In order to enable this feature, <smbconfoption name="enable privileges">yes</smbconfoption> must be defined in the <smbconfsection name="global"/> section of the &smb.conf; file. @@ -100,6 +100,18 @@ The remainder of this chapter explains how to manage and use these privileges on <entry><para>SeDiskOperatorPrivilege</para></entry> <entry><para>Manage disk share</para></entry> </row> + <row> + <entry><para>SeBackupPrivilege</para></entry> + <entry><para>Back up files and directories</para></entry> + </row> + <row> + <entry><para>SeRestorePrivilege</para></entry> + <entry><para>Restore files and directories</para></entry> + </row> + <row> + <entry><para>SeTakeOwnershipPrivilege</para></entry> + <entry><para>Take ownership of files or other objects</para></entry> + </row> </tbody> </tgroup> </table> @@ -249,6 +261,50 @@ on the Samba mailing lists. </sect2> +<sect2> +<title>Privileges Suppored by Windows 2000 Domain Controllers</title> + +<para> + For reference purposes, a Windows 2000 Domain Controller reports that it supports the following + privileges: +<screen> + SeCreateTokenPrivilege Create a token object + SeAssignPrimaryTokenPrivilege Replace a process level token + SeLockMemoryPrivilege Lock pages in memory + SeIncreaseQuotaPrivilege Increase quotas + SeMachineAccountPrivilege Add workstations to domain + SeTcbPrivilege Act as part of the operating system + SeSecurityPrivilege Manage auditing and security log + SeTakeOwnershipPrivilege Take ownership of files or other objects + SeLoadDriverPrivilege Load and unload device drivers + SeSystemProfilePrivilege Profile system performance + SeSystemtimePrivilege Change the system time +SeProfileSingleProcessPrivilege Profile single process +SeIncreaseBasePriorityPrivilege Increase scheduling priority + SeCreatePagefilePrivilege Create a pagefile + SeCreatePermanentPrivilege Create permanent shared objects + SeBackupPrivilege Back up files and directories + SeRestorePrivilege Restore files and directories + SeShutdownPrivilege Shut down the system + SeDebugPrivilege Debug programs + SeAuditPrivilege Generate security audits + SeSystemEnvironmentPrivilege Modify firmware environment values + SeChangeNotifyPrivilege Bypass traverse checking + SeRemoteShutdownPrivilege Force shutdown from a remote system + SeUndockPrivilege Remove computer from docking station + SeSyncAgentPrivilege Synchronize directory service data + SeEnableDelegationPrivilege Enable computer and user accounts to + be trusted for delegation + SeManageVolumePrivilege Perform volume maintenance tasks + SeImpersonatePrivilege Impersonate a client after authentication + SeCreateGlobalPrivilege Create global objects +</screen> + The Samba Team are implementing only those privileges that are logical and useful in the UNIX/Linux + envronment. Many of the Windows 200X/XP privileges have no direct equivalence in UNIX. + </para> + +</sect2> + </sect1> <sect1> diff --git a/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml b/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml index 01060955dc..fd3830ee9f 100644 --- a/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml +++ b/docs/Samba3-HOWTO/TOSHARG-TheNetCommand.xml @@ -880,45 +880,6 @@ No privileges assigned </para> <para> - For reference purposes, a Windows 2000 Domain Controller reports that it supports the following - privileges: -<screen> - SeCreateTokenPrivilege Create a token object - SeAssignPrimaryTokenPrivilege Replace a process level token - SeLockMemoryPrivilege Lock pages in memory - SeIncreaseQuotaPrivilege Increase quotas - SeMachineAccountPrivilege Add workstations to domain - SeTcbPrivilege Act as part of the operating system - SeSecurityPrivilege Manage auditing and security log - SeTakeOwnershipPrivilege Take ownership of files or other objects - SeLoadDriverPrivilege Load and unload device drivers - SeSystemProfilePrivilege Profile system performance - SeSystemtimePrivilege Change the system time -SeProfileSingleProcessPrivilege Profile single process -SeIncreaseBasePriorityPrivilege Increase scheduling priority - SeCreatePagefilePrivilege Create a pagefile - SeCreatePermanentPrivilege Create permanent shared objects - SeBackupPrivilege Back up files and directories - SeRestorePrivilege Restore files and directories - SeShutdownPrivilege Shut down the system - SeDebugPrivilege Debug programs - SeAuditPrivilege Generate security audits - SeSystemEnvironmentPrivilege Modify firmware environment values - SeChangeNotifyPrivilege Bypass traverse checking - SeRemoteShutdownPrivilege Force shutdown from a remote system - SeUndockPrivilege Remove computer from docking station - SeSyncAgentPrivilege Synchronize directory service data - SeEnableDelegationPrivilege Enable computer and user accounts to - be trusted for delegation - SeManageVolumePrivilege Perform volume maintenance tasks - SeImpersonatePrivilege Impersonate a client after authentication - SeCreateGlobalPrivilege Create global objects -</screen> - The Samba Team are implementing only those privileges that are logical and useful in the UNIX/Linux - envronment. Many of the Windows 200X/XP privileges have no direct equivalence in UNIX. - </para> - - <para> In this example, all rights are assigned to the <constant>Domain Admins</constant> group. This is a good idea since members of this group are generally expected to be all-powerful. This assignment makes that the reality: |