Index: univention-dvs/82univention-dvs-schema.inst =================================================================== --- univention-dvs/82univention-dvs-schema.inst (Revision 20596) +++ univention-dvs/82univention-dvs-schema.inst (Arbeitskopie) @@ -35,6 +35,12 @@ eval "$(univention-config-registry shell ldap/base windows/domain server/role ldap/master)" +univention-directory-manager groups/group create "$@" \ + --ignore_exists \ + --position="cn=groups,$ldap_base" \ + --set name="DVS Nodes" \ + --set UVMMGroup=1 + # create required containers if neccessary univention-directory-manager container/cn create "$@" \ --ignore_exists \ @@ -397,7 +403,7 @@ touch /etc/dvs-domainlogon.secret chmod 640 /etc/dvs-domainlogon.secret - chgrp "Domain Admins" /etc/dvs-domainlogon.secret # TODO: Bug #18629 + chgrp "DVS Nodes" /etc/dvs-domainlogon.secret echo -n "$dvs_password" >/etc/dvs-domainlogon.secret } Index: univention-dvs-node/70univention-dvs-node.inst =================================================================== --- univention-dvs-node/70univention-dvs-node.inst (Revision 20596) +++ univention-dvs-node/70univention-dvs-node.inst (Arbeitskopie) @@ -35,9 +35,8 @@ eval "$(univention-config-registry shell)" -# TODO: this should be fixed with Bug #18629 univention-directory-manager groups/group modify "$@" \ - --dn "cn=Domain Admins,cn=groups,$ldap_base" \ + --dn "cn=DVS Nodes,cn=groups,$ldap_base" \ --ignore_exists \ --append hosts="$ldap_hostdn" Index: univention-dvs-sysprep/debian/univention-dvs-sysprep.univention-config-registry =================================================================== --- univention-dvs-sysprep/debian/univention-dvs-sysprep.univention-config-registry (Revision 20596) +++ univention-dvs-sysprep/debian/univention-dvs-sysprep.univention-config-registry (Arbeitskopie) @@ -2,7 +2,7 @@ File: var/lib/dvs-sysprep/sysprep/uni-join.bat Mode: 0640 User: dvs-domainlogon -Group: Domain Admins +Group: DVS Nodes Variables: hostname Variables: dvs/joinuser Variables: windows/domain @@ -11,7 +11,7 @@ File: var/lib/dvs-sysprep/sysprep-settings/local-settings.bat Mode: 0640 User: dvs-domainlogon -Group: Domain Admins +Group: DVS Nodes Variables: windows/domain Variables: dvs/joinuser Variables: dvs/localgroup Index: univention-dvs-sysprep/85univention-dvs-sysprep.inst =================================================================== --- univention-dvs-sysprep/85univention-dvs-sysprep.inst (Revision 20596) +++ univention-dvs-sysprep/85univention-dvs-sysprep.inst (Arbeitskopie) @@ -51,7 +51,7 @@ --set owner=0 \ --set group=0 \ --set directorymode=0755 \ - --set sambaValidUsers='dvs-domainlogon,"@Domain Admins"' # TODO: Bug #18629 + --set sambaValidUsers='dvs-domainlogon,"@DVS Nodes"' i=0 while univention-scp /etc/machine.secret "${hostname}\$@${ldap_master}:/etc/dvs-domainlogon.secret" /etc/dvs-domainlogon.secret 2>&1| grep -q 'Permission denied'; do Index: univention-dvs-node/univention-dvs-template-create =================================================================== --- univention-dvs-node/univention-dvs-template-create (Revision 20606) +++ univention-dvs-node/univention-dvs-template-create (Arbeitskopie) @@ -40,6 +40,7 @@ import shutil import subprocess import sys +import grp import univention.admin.uldap as uldap # exception variant import univention.admin.modules @@ -82,7 +83,8 @@ fd = open(path, 'wb') pickle.dump( self.domain, fd ) fd.close() - os.chmod(path, 0444) # Bug 20454 + os.chmod(path, 0440) # Bug 20454 + os.chown(path, -1, grp.getgrnam('DVS Nodes').gr_gid) self.object[ 'available' ] = 'TRUE' self.object.modify() @@ -127,7 +129,8 @@ ud.debug( ud.ADMIN, ud.INFO, 'move: %s -> %s' % ( disk.source, dest ) ) if restore: restore_disks.append( ( dest, disk.source ) ) - os.chmod(dest, 0444) # Bug 20454 + os.chmod(dest, 0440) # Bug 20454 + os.chown(dest, -1, grp.getgrnam('DVS Nodes').gr_gid) disk.source = dest self.object[ 'path' ] = path