[Samba] SeDiskOperatorPrivilege and username map...
Rowland Penny
rpenny at samba.org
Mon Nov 10 14:57:46 UTC 2025
On Mon, 10 Nov 2025 13:06:56 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> This wiki page is still effective?
>
> https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting#SeDiskOperatorPrivilege_can't_be_set
>
> seems to me that a user that is (directly or indirectly) member of
> BULTIN\Administrators, so particulary 'SAMDOM\Domain Admins', have
> just SeDiskOperatorPrivilege on all the shares...
That is correct, you do not have to set that privilege on users that
are members of Domain Admins.
>
> I think that mapping Admnistrator to root is still a good idea and
> does not harm, but... it is still needed?
Not from my testing, Administrator gets its permissions (and hence the
SeDiskOperatorPrivilege) from being a member of the Administrators
group.
I haven't set the 'min domain uid' parameter in the smb.conf file, or
given any user the SeDiskOperatorPrivilege, for quite sometime.
Rowland
More information about the samba
mailing list