Backup privileges for reading files

Richard Sharpe realrichardsharpe at gmail.com
Thu Jun 25 08:09:28 MDT 2015


On Thu, Jun 25, 2015 at 6:16 AM, Shilpa K <shilpa.krishnareddy at gmail.com> wrote:
> Hello,
>
> A backup application is trying to read files/directories as part of backup.
> This is being done in the context of a user who is a member of
> BUILTIN\backup operators group in Samba. Application is
> requesting FILE_READ_DATA access and as the user has no explicit read
> access for the directory/file, it is failing with access denied. I see that
> only share security check is bypassed for a member of backup operators
> group while read access is required for reading files even if the user is a
> member of backup operators group. Can you please let me know if this is by
> design?

Did they signal backup intent? I seem to recall that you need this bit
in the CREATE as well.

#define FILE_OPEN_FOR_BACKUP_INTENT    0x4000


-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)


More information about the samba-technical mailing list