SE_RESTORE_PRIVILEGE, BACKUP_INTENT and W2K08R2
Jeremy Allison
jra at samba.org
Thu May 23 13:45:07 MDT 2013
On Thu, May 23, 2013 at 12:43:09PM -0700, Richard Sharpe wrote:
> On Thu, May 23, 2013 at 12:38 PM, Christian Ambach <ambi at samba.org> wrote:
> > Am 23.05.13 20:35, schrieb Richard Sharpe:
> >
> >> However, I have a capture against Windows where this seems not to be
> >> the case. If the requester has SE_RESTORE_PRIVILEGE it seems that
> >> Windows will allow them to change the owner on a file to anything they
> >> want.
> >>
> >> Is this what people see as well?
> >
> > My understanding is that this the "magic" thing about the SeRestore
> > Privilege: it allows backup applications to change ownerships of
> > restored files. When you do not have this privilege set, you can
> > only change the owner of a file to yourself (when the ACL allows
> > you to change the owner), but not give ownership to somebody else.
>
> Sure, but I had been under the impression that you could only make use
> of SeRestorePrivilege if you opened the file for backup intent.
> However, this seems not to be the case.
Ok, now I understand your puzzlement. Yeah, I assumed you
had to open with backup intent also in order for the Backup/Restore
privilages to be added to the open handle.
Can you write a torture test against W2K12 showing this isn't
the case ?
Jeremy.
More information about the samba-technical
mailing list