[Samba] SeDiskOperatorPrivilege_Privilege
Rowland Penny
rpenny at samba.org
Tue Jun 11 16:34:28 UTC 2024
On Tue, 11 Jun 2024 09:26:29 -0700
Jeremy Allison via samba <samba at lists.samba.org> wrote:
> On Tue, Jun 11, 2024 at 05:20:53PM +0100, Rowland Penny wrote:
> >>
> >> So it looks like it's still checked if you're trying to modify
> >> share definitions via RPC (at least in the old S3 rpc server).
> >>
> >> Jeremy.
> >>
> >
> >I am not saying it isn't there, I am saying (and others have found
> >the same) that if you are setting share permissions from Windows,
> >then 'SeDiskOperatorPrivilege' doesn't seem to do anything, what
> >does count is that the user doing the change has ownership of the
> >share or is a member of the shares group, either must have full
> >control. To put it another way, you can set permissions from Windows
> >if no user or group has the 'SeDiskOperatorPrivilege' privilege.
>
> Share permissions don't seem to be set via NetShareSetInfo,
> and also the S4 RPC server doesn't check SeDiskOperatorPrivilege,
> only the S3 RPC server.
>
Oh Hum, we have only been saying for over 10 years, that you must set
the 'SeDiskOperatorPrivilege' if setting share permissions from Windows.
I will re-write the wikipage.
Rowland
More information about the samba
mailing list