[Samba] What's the use of SeDiskOperatorPrivilege?
matthias.leopold at meduniwien.ac.at
Thu Jan 28 10:40:54 UTC 2021
Am 28.01.21 um 11:21 schrieb Rowland penny via samba:
> On 28/01/2021 10:06, Matthias Leopold via samba wrote:
>> Then why bothering with granting SeDiskOperatorPrivilege when share
>> permissions shall not be modified at all (this was my original question)?
> Because you are falling into the trap of thinking that the share tab has
> anything to do with setting the NTFS permissions on a share. Nearly
> every time anyone has problems setting permissions on a Samba from
> Windows, they have messed with the share tab, the favourite one is
> removing 'Everyone'. Just ensure that only 'Everyone' is set on the
> share tab with Full Control, Change and Read permissions set.
>> I know that the settings in "Security" are essential. I always aimed
>> at configuring the correct combination of "Share permissions" and
>> "Security". There are instructions in the Microsoft docs about this.
> I can only talk from experience, leave the share tab alone and set the
> permissions with the security tab.
Just for the records:
I was always aware that share and NTFS permissions are separate layers.
I thought using them both gave extra security mainly because access to
share permission management is limited (this is where
SeDiskOperatorPrivilege comes in). But there's no need for further
discussion, thanks for explaining things to me, I'll follow the
suggested best practice.
More information about the samba