s4 provision: Make GPO folder group writable

The group of this folder is domain administrator and it seems sensible
that all domain administrators have the right to modify the gpo (they
have it at the NT ACLs level ...)

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 7d8b08f54dd36c826851513c4af977477fc23ee3..b9c42744fc190b4dd1467d7d4b35a0ce18bcb188 100644 (file)
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -962,15 +962,15 @@ def getpolicypath(sysvolpath, dnsdomain, guid):
 
 def create_gpo_struct(policy_path):
     if not os.path.exists(policy_path):
-        os.makedirs(policy_path, 0755)
+        os.makedirs(policy_path, 0775)
     open(os.path.join(policy_path, "GPT.INI"), 'w').write(
                       "[General]\r\nVersion=65543")
     p = os.path.join(policy_path, "MACHINE")
     if not os.path.exists(p):
-        os.makedirs(p, 0755)
+        os.makedirs(p, 0775)
     p = os.path.join(policy_path, "USER")
     if not os.path.exists(p):
-        os.makedirs(p, 0755)
+        os.makedirs(p, 0775)
 
 
 def create_default_gpo(sysvolpath, dnsdomain, policyguid, policyguid_dc):