[Samba] Samba 4 & share permissions

Marc Muehlfeld mmuehlfeld at samba.org
Fri Aug 22 09:43:14 MDT 2014

Hello Sébastien,

Am 22.08.2014 14:02, schrieb Sébastien Le Ray:
> I'm using Samba 4 as an AD DC and have a file server under samba 4 too.
> I created a group "Share admins" with SeDiskOperatorPrivilege. Members
> can administrate the share without problems except when adding an
> user/adjusting permissions on existing shares. If some file is not owned
> by the share admins group, I get a "Permission Denied" error. Did I miss
> something? Shouldn't the SeDiskOperatorPrivilege bypass unix permissions
> (which seem to be the issue here)?

The Windows ACLs on a Samba share should work like on a Windows share.
So what permissions does your 'Share admins' group have on the share?
There is a special permission that allows changing ACLs (if you haven't
granted 'full control').

Just granting SeDiskOperatorPrivilege doesn't bring the god-mode :-)

> The wiki does not talk about this since the operations are done
> through the "administrator" user which is mapped to root.

It's not mapped to root - only if you do had configured that.

But you're right. I'll put that on my list and add some more specific
information about that to the guide.


More information about the samba mailing list