[Samba] SeDiskOperatorPrivilege_Privilege
Luis Peromarta
lperoma at icloud.com
Sun Jun 9 17:52:39 UTC 2024
Update:
I have revoked the privilege to BUILIN\Administratos. As before, no root mapping.
root at member:/# net rpc rights revoke "BUILTIN\Administrators" SeDiskOperatorPrivilege -U "MAD\luis"
Password for [MAD\luis]:
Successfully revoked rights.
root at member:/# net rpc rights list privileges SeDiskOperatorPrivilege -Uluis
Password for [MAD\luis]:
SeDiskOperatorPrivilege:
Reboot. Or else 'net cache flush && /etc/init.d/winbind restart && /etc/init.d/smbd restart'
I have delete and re-created the folder for there share (/test), chown luis:”unix admins”, and chmod 0770
I still can set up the share from Windows no problem.
LP
On Jun 9, 2024 at 17:13 +0100, Rowland Penny via samba <samba at lists.samba.org>, wrote:
>
>
> Now what does this mean ? As you have proved, by default,
> BUILTIN\Administrators has the SeDiskOperatorPrivilege and guess what
> group is a default member of BUILTIN\Administrators, yes, it's Domain
> Admins. this means you do not have to give Domain Admins the
> SeDiskOperatorPrivilege, it already gets it from BUILTIN\Administrators.
>
> I will update the wikipage.
>
>
More information about the samba
mailing list