s4 provision: Make GPO folder group writable

The group of this folder is domain administrator and it seems sensible
that all domain administrators have the right to modify the gpo (they
have it at the NT ACLs level ...)

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index c1a35c93381f12bb7f53a49020e67ac54f84672b..0d4b8dc59641afbfb9219ab4ab5e55d09684a961 100644 (file)
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -978,15 +978,15 @@ def getpolicypath(sysvolpath, dnsdomain, guid):
 
 def create_gpo_struct(policy_path):
     if not os.path.exists(policy_path):
-        os.makedirs(policy_path, 0755)
+        os.makedirs(policy_path, 0775)
     open(os.path.join(policy_path, "GPT.INI"), 'w').write(
                       "[General]\r\nVersion=65543")
     p = os.path.join(policy_path, "MACHINE")
     if not os.path.exists(p):
-        os.makedirs(p, 0755)
+        os.makedirs(p, 0775)
     p = os.path.join(policy_path, "USER")
     if not os.path.exists(p):
-        os.makedirs(p, 0755)
+        os.makedirs(p, 0775)
 
 
 def create_default_gpo(sysvolpath, dnsdomain, policyguid, policyguid_dc):