[Samba] SeDiskOperatorPrivilege_Privilege
Rowland Penny
rpenny at samba.org
Mon Jun 10 07:33:13 UTC 2024
On Sun, 9 Jun 2024 18:52:39 +0100
Luis Peromarta via samba <samba at lists.samba.org> wrote:
> Update:
>
> I have revoked the privilege to BUILIN\Administratos. As before, no
> root mapping.
>
> root at member:/# net rpc rights revoke "BUILTIN\Administrators"
> SeDiskOperatorPrivilege -U "MAD\luis" Password for [MAD\luis]:
> Successfully revoked rights.
>
> root at member:/# net rpc rights list privileges SeDiskOperatorPrivilege
> -Uluis Password for [MAD\luis]:
> SeDiskOperatorPrivilege:
>
> Reboot. Or else 'net cache flush && /etc/init.d/winbind restart &&
> /etc/init.d/smbd restart'
>
> I have delete and re-created the folder for there share (/test),
> chown luis:”unix admins”, and chmod 0770
>
> I still can set up the share from Windows no problem.
>
> LP
That means one of two things, either once the group has inherited the
privilege it retains it, even if the parent group loses it. Or the
privileges are not actually required by AD.
More investigation to follow.
Rowland
More information about the samba
mailing list