[Samba] What's the use of SeDiskOperatorPrivilege?
Andrew Walker
walker.aj325 at gmail.com
Thu Jan 28 15:17:28 UTC 2021
On Thu, Jan 28, 2021 at 9:36 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 28/01/2021 14:18, Andrew Walker via samba wrote:
> > Off the top of my head, there are a couple cases where share permissions
> > are useful:
> > 1) You're using the smb.conf parameter "access based share enum" to limit
> > visibility of shares in the browse list.
> > 2) You need to strictly enforce a share-wide upper bound on permissions.
> > For instance, this can be done to limit what the owner of a file can do
> > (although it's probably better to do this through an "OWNER RIGHTS"
> S-1-3-4
> > entry in the NTFS ACL).
>
>
> Andrew, The problem seems to be that if you change the 'shares' tab,
> then you cannot change the permissions on the 'security' tab. Because of
> this, I wouldn't advise changing the 'shares' tab, do everything on the
> 'security' tab.
>
> Rowland
>
Right. The share ACL defined in that tab will be evaluated when attempting
to set the filesystem ACL through the security tab. It's important to not
cut your legs out from under yourself (probably leave Domain Admins with
Full Control).
More information about the samba
mailing list