Hello Rowland,
Yes, that is also my understanding.
However, since we have a Samba command that recognizes the SEC_PRIV_RESTORE
for that user (command "net rpc rights..."), then why does the try_chown()
believe there's no such privilege?
My guess is that for some reason (bug?) it's not in the security token.
Regards
Andrea
On Tue, Feb 7, 2023 at 6:08 PM Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>
> On 07/02/2023 15:35, Andrea Cucciarre wrote:
> > Hello Rowland,
> >
> > If has_restore_priv is true it runs SMB_VFS_FCHOWN as root:
>
> Yes you are correct, I do not write 'C' and read it just a bit more :-D
>
> >
> > ===>
> >         if (has_take_ownership_priv || has_restore_priv) {
> >                 status = NT_STATUS_OK;
> >                 become_root();
> >                 ret = SMB_VFS_FCHOWN(fsp, uid, gid);
> >                 if (ret != 0) {
> >                         status = map_nt_error_from_unix(errno);
> >                 }
> >                 unbecome_root();
> >                 return status;
> > ===>
> The problem is that it should (by my reading) return either
> 'NT_STATUS_OK' or what 'map_nt_error_from_unix(errno)' would return and
> as far as I can see, that cannot return 'NT_STATUS_INVALID_OWNER'
>
> To me, this looks like, for some reason, the user's restore privilege is
> being ignored, that block of code is being ignored and it is dropping
> down to the block of code where the user supplied is checked against the
> actual user that is connected and if they do not match, then you get
> the message 'NT_STATUS_INVALID_OWNER'.
>
> >
> > It's Solaris Unix.
> >
> >
> What version of Samba is this ?
>
> Rowland
>
>
--
Andrea Cucciarre'
Global Technical Support Manager
Cloudian Inc.