[Pkg-samba-maint] Bug#462045: Bug#462045: samba: automagically add initial set of domain groups
Steve Langasek
vorlon at debian.org
Tue Jan 13 20:16:40 UTC 2009
tags 462045 -wontfix
thanks
On Tue, Jan 13, 2009 at 07:13:23PM +0100, Christian Perrier wrote:
> > Currently the default Samba install assumes you wish to either be a PDC
> > or a standalone server (things could be setup so it asks you if Samba
> > shluld be a BDC or Domain member, but there are not).
> > In either case the following Windows groups need to exist:
> > - Domain Admins
> > - Domain Users
> > - Domain Guests
> > Each of these groups has a well-known Unix group equivalent, (ntadmins,
> > users and nogroup) respectively.
> > It would be good if:
> > - these Unix groups (ntadmins, users and nogroup) were added if
> > they went not present.
> Well, that's contradictory. In one sentence, you mention these groups
> to be "well-known groups"....but, later, you suggest adding them if
> they don't exist.
> It is my understanding that "well-known groups" are groups that have a
> significant-enough prevalence to be added in base-passwd.... If these
> ones aren't, they're not well-known enough
The 'users' and 'nogroup' groups are both part of base-passwd, so there
would be no need to add these in the maintainer script.
Only the 'ntadmin' group is questionable. It's given as an example group
name in smb.conf, but I don't think we can reasonably assume that it's ok to
automatically map it as 'Domain Admins' if it exists on the target system,
since a user may have created it for some *other *purpose.
> >
> > - these mappings were automatically added into Samba
> > (net groupmap add ntgroup="Domains Admins" unixgroup="ntadmins"
> > rid=512 type=d, etc.)
> More generally speaking, I think that such tweaking belongs to the
> local administrator and providing this for all users of the samba
> package would certainly have weird side effects.
> Therefore, I don't think we should implement this. Other maintainers,
> please untag this bug if you disagree.
I disagree, so untagging. I think it would be reasonable to set up the
Domain Users / Domain Guests mappings by default on a first install.
I may be convinced otherwise by the time we go to implement it, but at least
for the moment I think it's worth looking at.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
More information about the Pkg-samba-maint
mailing list