r4148: add a default set of privileges to the core builtin accounts in the
authorAndrew Tridgell <tridge@samba.org>
Sat, 11 Dec 2004 05:43:03 +0000 (05:43 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:06:31 +0000 (13:06 -0500)
sam. I decided to do it the simple way of making the privileges user
attributes. w2k doesn't expose the privileges via LDAP, so we are free
to store them in any way we like without breaking compatibility.

source/provision.ldif

index 6d370c72e40933978e9b77878969b666f2e880c1..65975d2b7d7dbf9ccac82566d2a96733dc011485 100644 (file)
@@ -258,6 +258,31 @@ groupType: 0x80000005
 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 isCriticalSystemObject: TRUE
 unixName: ${WHEEL}
+privilege: SeSecurityPrivilege
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeTakeOwnershipPrivilege
+privilege: SeDebugPrivilege
+privilege: SeSystemEnvironmentPrivilege
+privilege: SeSystemProfilePrivilege
+privilege: SeProfileSingleProcessPrivilege
+privilege: SeIncreaseBasePriorityPrivilege
+privilege: SeLoadDriverPrivilege
+privilege: SeCreatePagefilePrivilege
+privilege: SeIncreaseQuotaPrivilege
+privilege: SeChangeNotifyPrivilege
+privilege: SeUndockPrivilege
+privilege: SeManageVolumePrivilege
+privilege: SeImpersonatePrivilege
+privilege: SeCreateGlobalPrivilege
+privilege: SeEnableDelegationPrivilege
+privilege: SeInteractiveLogonRight
+privilege: SeNetworkLogonRight
+privilege: SeRemoteInteractiveLogonRight
+
 
 dn: CN=Users,CN=Builtin,${BASEDN}
 objectClass: top
@@ -323,6 +348,9 @@ systemFlags: 0x8c000000
 groupType: 0x80000005
 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 isCriticalSystemObject: TRUE
+privilege: SeLoadDriverPrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
 
 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
 objectClass: top
@@ -344,6 +372,10 @@ systemFlags: 0x8c000000
 groupType: 0x80000005
 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
 
 dn: CN=Replicator,CN=Builtin,${BASEDN}
 objectClass: top
@@ -750,6 +782,12 @@ systemFlags: 0x8c000000
 groupType: 0x80000005
 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
 
 dn: CN=Account Operators,CN=Builtin,${BASEDN}
 objectClass: top
@@ -771,6 +809,7 @@ systemFlags: 0x8c000000
 groupType: 0x80000005
 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 isCriticalSystemObject: TRUE
+privilege: SeInteractiveLogonRight
 
 dn: CN=Templates,${BASEDN}
 objectClass: top
@@ -864,4 +903,3 @@ cn: TemplateGroup
 name: TemplateGroup
 instanceType: 4
 sAMAccountType: 0x10000000
-