smbcacls with -P option fails with NT_STATUS_INVALID_OWNER

Shilpa K shilpa.krishnareddy at gmail.com
Tue Mar 24 04:10:18 MDT 2015


Hello,

In a member server configuration, we had added the machine account to the
"admin users" parameter in the SMB.CONF file. Afterwards, when we executed
smbcacls with the -P option to change owner/set ACLs, it failed with
NT_STATUS_INVALID_OWNER.
After investigation, we found that the user needed the restore privilege in
order to change owner. This is in Samba version 3.6+. As a simple fix, we
thought of not checking for the restore privilege when the SMBD process is
running in root context. Another option that we had was to port the fix from
the 4.* code, which does not check for the restore privilege provided the user
has SEC_STD_WRITE_DAC/SEC_STD_WRITE_OWNER access. So, we pulled out the
changes present in the routine set_sd() in the nttrans.c file. To be certain
that we do not run into any regression, we wanted to understand why the restore
privilege check is not required when changing owner. I tried searching for
a related bug in Bugzilla but could not find one, so I am posting this query
here. Can you please explain why the restore privilege check is not required
while changing owner as long as the user has
SEC_STD_WRITE_DAC/SEC_STD_WRITE_OWNER?

Thanks,
Shilpa

