1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
samba-mirror/docs-xml/smbdotconf/logon/enableprivileges.xml
Andrew Bartlett 46168e99f7 s3-param Deprecate a number of security parameters for 3.6
This follows up on the agreement on the samba-technical list in Jan
2011 to deprecate these options, and to possibly remove these in the
4.0 release after user feedback.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri May 13 19:51:41 CEST 2011 on sn-devel-104
2011-05-13 19:51:41 +02:00

27 lines
1.1 KiB
XML

<samba:parameter name="enable privileges"
context="G"
type="boolean"
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
<command>net rpc rights</command> or one of the Windows user and group manager tools. This parameter is
enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to
assign privileges to users or groups which can then result in certain smbd operations running as root that
would normally run under the context of the connected user.
</para>
<para>
An example of how privileges can be used is to assign the right to join clients to a Samba controlled
domain without providing root access to the server via smbd.
</para>
<para>
Please read the extended description provided in the Samba HOWTO documentation.
</para>
</description>
<value type="default">yes</value>
</samba:parameter>