[Samba] Change permissions as administrator

Andrés Domínguez andresdju at gmail.com
Mon Apr 28 02:37:57 MDT 2014 

Hi.

I have being trying to resolve this problem for another week without
success.
Is the 'SeDiskOperatorPrivilege' what allows a user/group to change
permissions? What does the privilage otherwise?

This is a production server, so it is an annoying issue. I don't like
changing
the file owner to be able to change permissions by 'Administrator'.

Any help is highly appreciated.

Andrés


2014-04-23 11:43 GMT+02:00 Andrés Domínguez <andresdju at gmail.com>:

> I'm new in the mailing list, so hello to everyone.
>
> I have two file servers with samba4 as domain members of a windows server
> 2012 AD.
> I'd like to change permissions from windows machines as administrator, but
> I can only change permissions by the file owner. Is this possible?
>
> Thank you in advance
>
> Andrés
>
> Configuration:
>
> Debian amd64 kernel 3.12.
> Samba 4.1.6-Debian (from distro)
>
> /etc/samba/smb.conf:
>
> [global]
>
>    workgroup = MYDOMAIN
>    security = ADS
>    realm = MYDOMAIN.COM
>
>    idmap config *:backend = tdb
>    idmap config *:range = 1000000-1999999
>    idmap config MYDOMAIN:backend = rid
>    idmap config MYDOMAIN:range = 10000-49999
>
>    winbind nss info = rfc2307
>    winbind enum users = yes
>    winbind enum groups = yes
>    winbind use default domain = yes
>    winbind nested groups = yes
>    winbind refresh tickets = yes
>    winbind separator = +
>    template homedir = /home/%D/%U
>    template shell = /bin/bash
>
>    vfs objects = btrfs
>    map acl inherit = Yes
>    store dos attributes = Yes
>
> /etc/nsswitch.conf:
>
> passwd:         compat winbind
> group:          compat winbind
> shadow:         compat
>
> hosts:          files mdns4_minimal [NOTFOUND=return] dns
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
>
>
> # net rpc rights list accounts -Uadministrador
>
> MYDOMAIN\Admins. del dominio
> SeDiskOperatorPrivilege
>
> BUILTIN\Administrators
> SeDiskOperatorPrivilege
> ...
>
> Everyone
> No privileges assigned
>
> MYDOMAIN\administrador
> SeDiskOperatorPrivilege
>

More information about the samba mailing list