[Samba] SeDiskOperatorPrivilege_Privilege
Luis Peromarta
lperoma at icloud.com
Sun Jun 9 12:29:15 UTC 2024
Hi there,
I wonder if this is relevant on Active Directory or maybe is a thing of older NT4 style domains.
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Granting_the_SeDiskOperatorPrivilege_Privilege
I have tried setting up a member server with ad-idmap, and used a user “luis” (with uidNumber) from the Unix Admins group (that has gidNumber).
Unix Admins group is a member of the Domain Admins group, that has no gidNumber.
The share looks like this:
8.0K drwxrwx--- 2 luis unix admins 4.0K Jun 9 11:29 test
I also used:
vfs objects = acl_xattr
acl_xattr:ignore system acls = yes
I din’t need to grant any privilege(s). I just worked. Am I missing something ?
Maybe I need to grant the rights to users that are not admins so they can set up shares / permissions? How is this reflected in the Windows “security” tab of the share if at all ?
I wonder if these rights should be granted per server (like I have always done) ? Or else in a DC ?
Thanks,
LP
More information about the samba
mailing list