[Samba] What's the use of SeDiskOperatorPrivilege?
Matthias Leopold
matthias.leopold at meduniwien.ac.at
Wed Jan 27 16:43:38 UTC 2021
Hi,
I seem to be going in circles when trying to understand "administrative
access" to a share on a domain member fileserver:
What is the use of granting SeDiskOperatorPrivilege to certain groups on
a fileserver so they can manage share permissions when the recommended
and default setting for share permissions is "Full control" for
"Everyone" anyway? This setting is also _needed_ for the Domain
Administrator to _effectively_ get access to the share when using "!root
= SAMDOM\Administrator" in "username map".
I'm referring to
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Mapping_the_Domain_Administrator_Account_to_the_Local_root_User
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Granting_the_SeDiskOperatorPrivilege_Privilege
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Setting_Share_Permissions_and_ACLs
Please enlighten me.
thx
Matthias
More information about the samba
mailing list