Windows seems only to allow Administrators to do NetShareEnumAll while Samba seems to allow anyone to do that

Jeremy Allison jra at samba.org
Mon Apr 23 15:27:42 MDT 2012


On Mon, Apr 23, 2012 at 02:09:35PM -0700, Richard Sharpe wrote:
> Hi,
> 
> I was looking at using Computer Manager to add and remove shares on a
> Samba node, and was testing the addition and deletion of shares by
> non-Admin users.
> 
> While both share addition and share deletion fail for non-Admin users,
> deletion fails in a weird manner and is unlike what Windows does.
> 
> What happens on the wire is that the Windows Client sends a
> NetShareEnumAll request. Samba honors that request, then Windows sends
> a request to enumerate connections, which Samba denies with
> WERR_ACCESS_DENIED, and the user gets weird behavior.
> 
> Windows servers, on the other hand, deny the NetShareEnumAll.
> 
> In looking at srv_srvsvc_nt.c, I see that there is no check for DISK
> OP privilege in either 3.5.x or 3.6.x, but I suspect that
> enumerating shares should only be allowed for those who have DISK OP
> privilege.
> 
> Does anyone else have an opinion here?

+1 from me to make us more Windows-like here.

