Bug 9340 - We should not use the wheel group for 'administrators'
We should not use the wheel group for 'administrators'
Status: RESOLVED FIXED
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.0.0rc3
All All
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks: 8622
  Show dependency treegraph
 
Reported: 2012-10-30 07:33 UTC by Andrew Bartlett
Modified: 2012-11-05 09:57 UTC (History)
1 user (show)

See Also:


Attachments
patch from master - no longer use wheel group in provision (12.77 KB, patch)
2012-10-30 07:34 UTC, Andrew Bartlett
abartlet: review? (metze)
obnox: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2012-10-30 07:33:57 UTC
while very attractive in some senses, using 'wheel' as a GID means we cannot have administrators own files, which is required for mandatory profiles.
Comment 1 Andrew Bartlett 2012-10-30 07:34:41 UTC
Created attachment 8124 [details]
patch from master - no longer use wheel group in provision
Comment 2 Michael Adam 2012-11-01 11:04:17 UTC
Comment on attachment 8124 [details]
patch from master - no longer use wheel group in provision

This looks good. The only question I have is what heppens to S-1-5-32-544: the idmap setup for that sid is not changed but removed  completely. Is that correct?
Comment 3 Andrew Bartlett 2012-11-01 11:54:17 UTC
It will get the next available uid/gid as IDMAP_BOTH.
Comment 4 Michael Adam 2012-11-01 12:38:49 UTC
Comment on attachment 8124 [details]
patch from master - no longer use wheel group in provision

ACK
Comment 5 Michael Adam 2012-11-01 12:40:07 UTC
(In reply to comment #3)
> It will get the next available uid/gid as IDMAP_BOTH.

Oh right... :-)

Assigning to Karolin for inclusion into v4-0-test
Comment 6 Karolin Seeger 2012-11-02 07:42:51 UTC
Pushed to autobuild-v4-0-test.
Comment 7 Karolin Seeger 2012-11-05 09:57:42 UTC
Has been pushed to v4-0-test.
Closing out bug report.

Thanks!