granting SeSecurityPrivilege to user

Fri Oct 22 12:01:27 MDT 2010

On Tue, Oct 19, 2010 at 05:34:35PM -0700, Nagaraj Shyam wrote:
> Hi,
> 
>  
> 
> I get the error NT_STATUS_PRIVILEGE_NOT_HELD - returned from the function
> create_file_unixpath() from the following block of code:
> 
>  
> 
> /* We need to support SeSecurityPrivilege for this. */
> 
>         if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
> 
>                 status = NT_STATUS_PRIVILEGE_NOT_HELD;
> 
>                 goto fail;
> 
>         }
> 
>  
> 
> This is while using samba 3.5.3 on suse linux and trying to migrate files from
> a windows machine to samba share.   SeSecurityPrivelege is not one of the
> recognized/supported privileges for it to be granted to the user.
> 
>  
> 
> net rpc share migrate files also seems to have issues copying folders from the
> windows share if any acl is present on a directory that has a ACE with “deny
> everyone else rule”, the migrate prints the error:
> 
>  
> 
> could not handle dir \foldername: NT_STATUS_ACCESS_DENIED
> 
> I used the above command with --acls --attrs –timestamps option.
> 
>  
> 
> thanks for any info on how to workaround acl/ea these issues during file
> migration.

FYI. I've implemented the SEC_FLAG_SYSTEM_SECURITY in v3-6-test and
master (not yet in 3.5.x). If you want to give either of those code
bases a test I'd appreciate it.

You'll need to add the SeSystemSecurity privilege using 'net rpc rights'
first.

Jeremy.