[Samba] SeDiskOperatorPrivilege

samba.20.andwin at spamgourmet.com
Fri Apr 11 10:32:49 MDT 2014


Hi David,

I'm quite new to this, so please bear with me.
1) Do I get you right that the domain administrator isn't supposed to
be able to change DACLs on folders and files when he doesn't own them?
2) What are the share permissions about at all? What do 'Full
Control', 'Change' and 'Read' for a whole share mean?

Best regards
Andreas

On Fri, Apr 11, 2014 at 5:59 PM, david.lloyd at fsmail.net
<samba.andwin.1ce7df1cf6.david.lloyd#fsmail.net at ob.0sg.net> wrote:
> Hi,
>
> Just to check (apologies if you know this and I have misunderstood) - SeDiskOperatorPrivilege is about opening Samba File Shares and associated ACLs, not about changing ACLs on the files themselves.  Changing ACLs on arbitrary files requires SeTakeOwnership, and then yes, you still need to own the file to override the DACL.
>
> See: http://www.vionblog.com/manage-samba-permissions-from-windows/
>
> David L
>
>
>> Message Received: Apr 11 2014, 04:40 PM
>> From: samba.20.andwin at spamgourmet.com
>> To: samba at lists.samba.org
>> Cc:
>> Subject: [Samba] SeDiskOperatorPrivilege
>>
>> Hi,
>>
>> I've set up a Samba 4.1.6 AD controller and a Member Server according
>> to the Wiki. All running quite well so far. However, I've a problem
>> concerning file permissions. I've successfully granted the group
>> 'MYDOM\Domain Admins' the SeDiskOperatorPrivilege. This doesn't seem
>> to have an effect. For members of this group (and all other users in
>> fact) it is only possible to change NT ACLs for files which they own.
>> What is the SeDiskOperatorPrivilege supposed to do?
>> I didn't set the 'enable privileges' parameter in smb.conf, as the man
>> page states that this option is deprecated and set to 'yes' by
>> default. However, when I run samba-tool testparm -v, it lists 'enable
>> privileges = No'. Should this be explicitly enabled?
>>
>> Best regards
>> Andreas
>>
>


