On 07/02/2023 12:23, Andrea Cucciarre via samba wrote:
> Hello,
>
> I am struggling to change the owner of directories in a Samba share, from a
> Windows client.
> In the Samba logs I can see the following error message:
>
> [2023/02/06 13:23:31.624803, 3]
> ../../source3/modules/nfs4_acls.c:1042(smb_set_nt_acl_nfs4)
> chown New folder, 11150, 4294967295 failed. Error
> NT_STATUS_INVALID_OWNER.
>
> This points to the try_chown() in the Samba code, and as far as I can see it
> should allow the chown if the user has the SeRestorePrivilege.
> From Windows I have added the SeRestorePrivilege to that user, and actually
> it seems Samba can see it:
>
> # net rpc rights list 'DOMAIN\user' -S X.X.X.X -U Administrator
> SeBackupPrivilege
> SeRestorePrivilege
>
> So I can't understand why Samba doesn't recognize the SeRestorePrivilege
> when handling a chown.
>
>
> Regards
> Andrea

I think we are going to need more info here, starting with the current
smb.conf (as shown by 'testparm -s'), the output of 'getent passwd
DOMAIN\\user', and the permissions set on the directory at the moment.

Your error message seems to be coming from the block of code in try_chown:

    /* only allow chown to the current user. This is more secure,
       and also copes with the case where the SID in a take ownership ACL is
       a local SID on the users workstation
    */
    if (uid != get_current_uid(fsp->conn)) {
        return NT_STATUS_INVALID_OWNER;
    }

Rowland