[Samba] SMB2 CREATE + ACCESS_SYSTEM_SECURITY
Steve Tice
stic6021 at gmail.com
Wed Dec 19 09:43:47 MST 2012
Can anybody provide the expected response to an SMB2 CREATE request
that includes
ACCESS_SYSTEM_SECURITY in the DesiredAccess mask? I’m particularly interested in
cases where the SMB client is connected as an authenticated user with
administrative
(superuser) privileges on the share, and has made the request on a
directory. Should
such a client expect full (read/change) access to the SACL (under any
conditions)?
The question above is theoretical in nature. Practically speaking,
does any version
of the Samba server respond correctly to the request described above? I have a
Windows application that makes such a request, and have tested it against Samba
server versions 3.5.10-125.el6 and 3.6.7. I keep seeing a response of
NT_STATUS_PRIVILEGE_NOT_HELD, and think that's not the correct response when the
client has superuser privileges - but perhaps my expectation is wrong. If I make
the same request while connected to a share on a Windows server, the response is
NT_STATUS_OK.
Is there a Samba server configuration change I could make that would affect the
behavior? Is there any setup work to do prior to sending the SMB2 CREATE request
(for example, adding a privilege)?
Thanks,
Steve Ticestic6021 at gmail.com
More information about the samba
mailing list