SE_RESTORE_PRIVILEGE, BACKUP_INTENT and W2K08R2
Jeremy Allison
jra at samba.org
Thu May 23 13:43:25 MDT 2013
On Thu, May 23, 2013 at 09:38:44PM +0200, Christian Ambach wrote:
> Am 23.05.13 20:35, schrieb Richard Sharpe:
>
> > However, I have a capture against Windows where this seems not to be
> > the case. If the requester has SE_RESTORE_PRIVILEGE it seems that
> > Windows will allow them to change the owner on a file to anything they
> > want.
> >
> > Is this what people see as well?
>
> My understanding is that this the "magic" thing about the SeRestore
> Privilege: it allows backup applications to change ownerships of
> restored files. When you do not have this privilege set, you can
> only change the owner of a file to yourself (when the ACL allows
> you to change the owner), but not give ownership to somebody else.
Yep, SE_RESTORE_PRIVILEGE automatically grants SEC_STD_WRITE_DAC
and SEC_STD_WRITE_OWNER.
Jeremy.
More information about the samba-technical
mailing list