summaryrefslogtreecommitdiffstats
path: root/docs-xml/smbdotconf/logon/enableprivileges.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs-xml/smbdotconf/logon/enableprivileges.xml')
-rw-r--r--docs-xml/smbdotconf/logon/enableprivileges.xml26
1 files changed, 26 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/logon/enableprivileges.xml b/docs-xml/smbdotconf/logon/enableprivileges.xml
new file mode 100644
index 0000000..9e28457
--- /dev/null
+++ b/docs-xml/smbdotconf/logon/enableprivileges.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="enable privileges"
+ context="G"
+ type="boolean"
+ deprecated="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
+ <command>net rpc rights</command> or one of the Windows user and group manager tools. This parameter is
+ enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to
+ assign privileges to users or groups which can then result in certain smbd operations running as root that
+ would normally run under the context of the connected user.
+ </para>
+
+ <para>
+ An example of how privileges can be used is to assign the right to join clients to a Samba controlled
+ domain without providing root access to the server via smbd.
+ </para>
+
+ <para>
+ Please read the extended description provided in the Samba HOWTO documentation.
+ </para>
+
+</description>
+<value type="default">yes</value>
+</samba:parameter>
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-19 08:28:51 +0000