add entry for 'enable privileges'

author Gerald Carter <jerry@samba.org>

Fri, 21 Jan 2005 20:28:01 +0000 (20:28 +0000)

committer Gerald W. Carter <jerry@samba.org>

Wed, 23 Apr 2008 13:46:11 +0000 (08:46 -0500)
author Gerald Carter <jerry@samba.org>
Fri, 21 Jan 2005 20:28:01 +0000 (20:28 +0000)
committer Gerald W. Carter <jerry@samba.org>
Wed, 23 Apr 2008 13:46:11 +0000 (08:46 -0500)
diff --git a/docs/smbdotconf/logon/enableprivileges.xml b/docs/smbdotconf/logon/enableprivileges.xml

new file mode 100644 (file)

index 0000000..e37caaf
--- /dev/null
+++ b/docs/smbdotconf/logon/enableprivileges.xml
@@ -0,0 +1,24 @@
+<samba:parameter name="enable privileges"
+                 context="G"
+                type="boolean"
+                 advanced="1" developer="1"
+                 xmlns:samba="http://samba.org/common">
+<description>
+       <para>This parameter controls whether or not smbd will honor
+        privileges assigned to specific SIDs via either <command>net rpc rights</command>
+        or one of the Windows user and group manager tools.  This parameter is 
+       disabled by default to prevent members of the Domain Admins group from 
+       being able to assign privileges to user which can then result in certain
+       smbd operations running as root that would normally run under the context 
+       of the connected user.  </para>
+
+       <para>An example of how privileges can be used is to assign
+       the right to join clients to a Samba controller domain without
+       providing root access to the server via smbd.</para>
+
+       <para>Please read the extended description provided in the
+       Samba documentation before enabling this option.</para>
+
+</description>
+<value type="default">no</value>
+</samba:parameter>
author	Gerald Carter <jerry@samba.org>
	Fri, 21 Jan 2005 20:28:01 +0000 (20:28 +0000)
committer	Gerald W. Carter <jerry@samba.org>
	Wed, 23 Apr 2008 13:46:11 +0000 (08:46 -0500)