[Samba] SeDiskOperatorPrivilege

david.lloyd at fsmail.net
Fri Apr 11 09:59:50 MDT 2014


Hi,

Just to check (apologies if you know this and I have misunderstood) - SeDiskOperatorPrivilege is about opening Samba File Shares and associated ACLs, not about changing ACLs on the files themselves.  Changing ACLs on arbitrary files requires SeTakeOwnership, and then yes, you still need to own the file to override the DACL.

See: http://www.vionblog.com/manage-samba-permissions-from-windows/

David L


> Message Received: Apr 11 2014, 04:40 PM
> From: samba.20.andwin at spamgourmet.com
> To: samba at lists.samba.org
> Cc: 
> Subject: [Samba] SeDiskOperatorPrivilege
> 
> Hi,
> 
> I've set up a Samba 4.1.6 AD controller and a Member Server according
> to the Wiki. All running quite well so far. However, I've a problem
> concerning file permissions. I've successfully granted the group
> 'MYDOM\Domain Admins' the SeDiskOperatorPrivilege. This doesn't seem
> to have an effect. For members of this group (and all other users in
> fact) it is only possible to change NT ACLs for files which they own.
> What is the SeDiskOperatorPrivilege supposed to do?
> I didn't set the 'enable privileges' parameter in smb.conf, as the man
> page states that this option is deprecated and set to 'yes' by
> default. However, when I run samba-tool testparm -v, it lists 'enable
> privileges = No'. Should this be explicitly enabled?
> 
> Best regards
> Andreas

