[Samba] What's the use of SeDiskOperatorPrivilege?

Matthias Leopold matthias.leopold at meduniwien.ac.at
Thu Jan 28 10:06:10 UTC 2021

Am 28.01.21 um 10:31 schrieb Rowland penny via samba:
> On 28/01/2021 09:11, Matthias Leopold via samba wrote:
>> Thanks.
>> Is it correct, that "Full Control" for "Everyone" is needed in a 
>> shares permissions when the Domain Administrator wants to access it 
>> (and is mapped to root in "username map")?
> Yes, but more importantly, if you do not have 'Everyone' set on the 
> share tab (which, as far as I can see, is the default) then your users 
> will not be able to access the permissions. Unless you have a valid 
> reason to alter the share tab (and I cannot think of one), leave it 
> alone, this is one of the mistakes that a lot of people make, they alter 
> the share tab.
Then why bothering with granting SeDiskOperatorPrivilege when share 
permissions shall not be modified at all (this was my original question)?

>> If Yes: Shall "Full Control" for "Everyone" be the permanent setting 
>> for a share permissions in this case or shall it only be added when 
>> needed?
>> Maybe all this is obvious to other people, I'm somehow missing a piece 
>> here in understanding how share permissions are meant to be configured.
> The problem is that Microsoft called the tab that you might need to 
> modify 'security', a better name would have been 'NTFS permissions'.

I know that the settings in "Security" are essential. I always aimed at 
configuring the correct combination of "Share permissions" and 
"Security". There are instructions in the Microsoft docs about this.


More information about the samba mailing list