[Samba] SeDiskOperatorPrivilege_Privilege

Jeremy Allison jra at samba.org
Tue Jun 11 16:26:29 UTC 2024

On Tue, Jun 11, 2024 at 05:20:53PM +0100, Rowland Penny wrote:
>> So it looks like it's still checked if you're trying to modify
>> share definitions via RPC (at least in the old S3 rpc server).
>> Jeremy.
>I am not saying it isn't there, I am saying (and others have found the
>same) that if you are setting share permissions from Windows, then
>'SeDiskOperatorPrivilege' doesn't seem to do anything, what does count
>is that the user doing the change has ownership of the share or is a
>member of the shares group, either must have full control. To put it
>another way, you can set permissions from Windows if no user or group
>has the 'SeDiskOperatorPrivilege' privilege.

Share permissions don't seem to be set via NetShareSetInfo,
and also the S4 RPC server doesn't check SeDiskOperatorPrivilege,
only the S3 RPC server.

More information about the samba mailing list