Bug 9340 - We should not use the wheel group for 'administrators'
Summary: We should not use the wheel group for 'administrators'
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.0.0rc3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks: 8622
  Show dependency treegraph
 
Reported: 2012-10-30 07:33 UTC by Andrew Bartlett
Modified: 2012-11-05 09:57 UTC (History)
1 user (show)

See Also:

Attachments
patch from master - no longer use wheel group in provision (12.77 KB, patch)
2012-10-30 07:34 UTC, Andrew Bartlett 		abartlet: review? (metze)
obnox: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2012-10-30 07:33:57 UTC 
while very attractive in some senses, using 'wheel' as a GID means we cannot have administrators own files, which is required for mandatory profiles.
Comment 1 Andrew Bartlett 2012-10-30 07:34:41 UTC 
Created attachment 8124 [details]
patch from master - no longer use wheel group in provision
Comment 2 Michael Adam 2012-11-01 11:04:17 UTC 
Comment on attachment 8124 [details]
patch from master - no longer use wheel group in provision

This looks good. The only question I have is what heppens to S-1-5-32-544: the idmap setup for that sid is not changed but removed  completely. Is that correct?
Comment 3 Andrew Bartlett 2012-11-01 11:54:17 UTC 
It will get the next available uid/gid as IDMAP_BOTH.
Comment 4 Michael Adam 2012-11-01 12:38:49 UTC 
Comment on attachment 8124 [details]
patch from master - no longer use wheel group in provision

ACK
Comment 5 Michael Adam 2012-11-01 12:40:07 UTC 
(In reply to comment #3)
> It will get the next available uid/gid as IDMAP_BOTH.

Oh right... :-)

Assigning to Karolin for inclusion into v4-0-test
Comment 6 Karolin Seeger 2012-11-02 07:42:51 UTC 
Pushed to autobuild-v4-0-test.
Comment 7 Karolin Seeger 2012-11-05 09:57:42 UTC 
Has been pushed to v4-0-test.
Closing out bug report.

Thanks!