[Samba] Can't change directory owner

Rowland Penny rpenny at samba.org
Wed Feb 8 11:50:50 UTC 2023 


On 08/02/2023 11:46, Andrea Cucciarre wrote:
> Just to let you know that I can reproduce the same issue also on Samba 
> that comes with Ubuntu 22.04 (Version 4.15.13-Ubuntu).
> The debug logs shows that in the security token for user "andrea" the 
> Privileges are missing
> 
> [2023/02/08 10:06:05.624154,  5] 
> ../../libcli/security/security_token.c:57(security_token_debug)
>    Security token SIDs (13):
> <SNIP>
>     Privileges (0x               0):
>     Rights (0x               0):
> 
> If I use the "Administrator" user the Privileges are present in the 
> security token:
> 
> [2023/02/08 10:49:21.253173,  5] 
> ../../libcli/security/security_token.c:57(security_token_debug)
>    Security token SIDs (25):
> <SNIP>
>     Privileges (0x        1FFFFFF0):
>      Privilege[  0]: SeMachineAccountPrivilege
>      Privilege[  1]: SeTakeOwnershipPrivilege
>      Privilege[  2]: SeBackupPrivilege
>      Privilege[  3]: SeRestorePrivilege
>      Privilege[  4]: SeRemoteShutdownPrivilege
>      Privilege[  5]: SePrintOperatorPrivilege
>      Privilege[  6]: SeAddUsersPrivilege
>      Privilege[  7]: SeDiskOperatorPrivilege
>      Privilege[  8]: SeSecurityPrivilege
>      Privilege[  9]: SeSystemtimePrivilege
>      Privilege[ 10]: SeShutdownPrivilege
>      Privilege[ 11]: SeDebugPrivilege
>      Privilege[ 12]: SeSystemEnvironmentPrivilege
>      Privilege[ 13]: SeSystemProfilePrivilege
>      Privilege[ 14]: SeProfileSingleProcessPrivilege
>      Privilege[ 15]: SeIncreaseBasePriorityPrivilege
>      Privilege[ 16]: SeLoadDriverPrivilege
>      Privilege[ 17]: SeCreatePagefilePrivilege
>      Privilege[ 18]: SeIncreaseQuotaPrivilege
>      Privilege[ 19]: SeChangeNotifyPrivilege
>      Privilege[ 20]: SeUndockPrivilege
> 
> Since the following Samba command shows the privileges for user "andrea" 
> are present:
> 
> #  net rpc rights list 'HYPERFILE3\andrea' -S 10.50.50.85 -U administrator
> SeBackupPrivilege
> SeRestorePrivilege
> 
> then it seems a bug on how Samba fills the security token.
> 

It certainly seems to be something along those lines, the user 
definitely has the privilege, but the code doesn't seem to be using it.

Can you please open a Samba bug report.

Rowland

More information about the samba mailing list