Backup privileges for reading files

Richard Sharpe realrichardsharpe at gmail.com
Thu Jun 25 10:39:20 MDT 2015


On Thu, Jun 25, 2015 at 8:42 AM, Shilpa K <shilpa.krishnareddy at gmail.com> wrote:
> Thanks Richard. Yes, backup intent flag is set:
>
>             .... .... .... .... .1.. .... .... .... = Backup Intent: This is a create with BACKUP INTENT
>
>
> Will it be a right solution if we set priv_open_requested flag to true when
> calling se_file_access_check() when backup intent flag is set in create
> options?

I am not sure. I forget the 3.6.X code these days. I would try that
and see if you are working with the 3.6.x code base.

> Thanks,
> Shilpa
>
>
> On Thu, Jun 25, 2015 at 7:39 PM, Richard Sharpe <realrichardsharpe at gmail.com> wrote:
>>
>> On Thu, Jun 25, 2015 at 6:16 AM, Shilpa K <shilpa.krishnareddy at gmail.com> wrote:
>> > Hello,
>> >
>> > A backup application is trying to read files/directories as part of
>> > backup. This is being done in the context of a user who is a member of
>> > BUILTIN\backup operators group in Samba. Application is requesting
>> > FILE_READ_DATA access and as the user has no explicit read access for
>> > the directory/file, it is failing with access denied. I see that only
>> > share security check is bypassed for a member of backup operators group
>> > while read access is required for reading files even if the user is a
>> > member of backup operators group. Can you please let me know if this is
>> > by design?
>>
>> Did they signal backup intent? I seem to recall that you need this bit
>> in the CREATE as well.
>>
>> #define FILE_OPEN_FOR_BACKUP_INTENT    0x4000
>>
>>
>> --
>> Regards,
>> Richard Sharpe
>> (何以解憂?唯有杜康。--曹操)
>
>



-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
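
Added example, not part of the original messages and not Samba code: a small C model of the rule discussed in this thread, where a read denied by the file ACL is allowed only when the CREATE carries FILE_OPEN_FOR_BACKUP_INTENT and the caller holds the backup privilege. The function `model_access_check`, the `MODEL_BACKUP_RIGHTS` mask and the test cases are assumptions made for illustration; only the 0x4000 flag and FILE_READ_DATA come from the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FILE_OPEN_FOR_BACKUP_INTENT 0x4000u      /* create option quoted in the thread */
#define FILE_READ_DATA              0x00000001u  /* access the backup application requests */
#define FILE_WRITE_DATA             0x00000002u
#define FILE_READ_EA                0x00000008u
#define FILE_READ_ATTRIBUTES        0x00000080u
#define READ_CONTROL                0x00020000u

/* Assumption of this model: the backup privilege supplies read-side rights only. */
#define MODEL_BACKUP_RIGHTS \
    (FILE_READ_DATA | FILE_READ_EA | FILE_READ_ATTRIBUTES | READ_CONTROL)

/*
 * Hypothetical model, not Samba's se_file_access_check().
 * Returns the requested bits that remain denied; 0 means the open succeeds.
 */
uint32_t model_access_check(bool has_backup_privilege, uint32_t acl_granted,
                            uint32_t create_options, uint32_t desired)
{
    uint32_t remaining = desired & ~acl_granted;
    /* The privilege is considered only if the client signalled backup intent. */
    bool priv_open_requested = (create_options & FILE_OPEN_FOR_BACKUP_INTENT) != 0;

    if (remaining != 0 && priv_open_requested && has_backup_privilege)
        remaining &= ~MODEL_BACKUP_RIGHTS;
    return remaining;
}

int main(void)
{
    /* Constructed cases: the file ACL grants the user nothing in every row. */
    struct { const char *name; bool priv; uint32_t opts, want; } c[] = {
        { "privilege + intent, read",    true,  FILE_OPEN_FOR_BACKUP_INTENT, FILE_READ_DATA },
        { "privilege, no intent, read",  true,  0,                           FILE_READ_DATA },
        { "intent, no privilege, read",  false, FILE_OPEN_FOR_BACKUP_INTENT, FILE_READ_DATA },
        { "privilege + intent, rd+wr",   true,  FILE_OPEN_FOR_BACKUP_INTENT,
          FILE_READ_DATA | FILE_WRITE_DATA },
    };
    for (size_t i = 0; i < sizeof c / sizeof c[0]; i++)
        printf("%-28s denied bits: 0x%08x\n", c[i].name,
               (unsigned)model_access_check(c[i].priv, 0, c[i].opts, c[i].want));
    return 0;
}
```

Keeping the override limited to read-side bits means a backup-intent open cannot be used to obtain write access the ACL does not grant.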


More information about the samba-technical mailing list