[Samba] SeDiskOperatorPrivilege_Privilege

Luis Peromarta lperoma at icloud.com
Sun Jun 9 12:29:15 UTC 2024

Hi there,

I wonder if this is relevant on Active Directory or maybe is a thing of older NT4 style domains.


I have tried setting up a member server with ad-idmap, and used a user “luis” (with uidNumber) from the Unix Admins group (that has gidNumber).

Unix Admins group is a member of the Domain Admins group, that has no gidNumber.

The share looks like this:

8.0K drwxrwx---   2 luis unix admins 4.0K Jun  9 11:29 test

I also used:

vfs objects = acl_xattr
acl_xattr:ignore system acls = yes

I din’t need to grant any privilege(s). I just worked. Am I missing something ?

Maybe I need to grant the rights to users that are not admins so they can set up shares / permissions? How is this reflected in the Windows “security” tab of the share if at all ?

I wonder if these rights should be granted per server (like I have always done) ? Or else in a DC ?



More information about the samba mailing list