search for: sec_priv_disk_operator

...id == 0) or has the SeDiskOperatorPrivilege. Scripts defined in the delete share command parameter are executed as root. Looks like it is still checked (in master) in: _srvsvc_NetShareSetInfo() is_disk_op = security_token_has_privilege( session_info->security_token, SEC_PRIV_DISK_OPERATOR); /* fail out now if you are not root and not a disk op */ if (session_info->unix_token->uid != sec_initial_uid() && !is_disk_op) { DEBUG(2,("_srvsvc_NetShareSetInfo: uid %u doesn't have the " "SeDiskOper...

...d in 2010 and the commitdif contains this: +/* we have to define the LUID here due to a horrible check by printmig.exe + that requires the SeBackupPrivilege match what is in Windows. So match + those that we implement and start Samba privileges at 0x1001 */ + ................ + SEC_PRIV_DISK_OPERATOR = 0x1003, 2010 was before Samba 4 was released, so was this only really required for NT4-style domains ? Was having the 'SeDiskOperatorPrivilege' privilege meant to make you 'root' when working from Windows ? Who knows, all I can say is that it doesn't seem to do...

On Tue, 11 Jun 2024 15:52:45 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote: > Again, my exact same experience. > > LP > On Jun 11, 2024 at 14:58 +0100, Bailey Allison via samba > <samba at lists.samba.org>, wrote: > > Hey Rowland, > > > > Just wanted to say you are 100% correct, and it does (seemingly) > > nothing, at least

...ts defined in the delete share command > parameter are executed as root. > > > Looks like it is still checked (in master) in: > > _srvsvc_NetShareSetInfo() > > is_disk_op = security_token_has_privilege( > session_info->security_token, > SEC_PRIV_DISK_OPERATOR); > > /* fail out now if you are not root and not a disk op */ > > if (session_info->unix_token->uid != sec_initial_uid() && > !is_disk_op) { DEBUG(2,("_srvsvc_NetShareSetInfo: uid %u doesn't have > the " "SeDiskOperatorPrivileg...

...ns this: > > +/* we have to define the LUID here due to a horrible check by printmig.exe > + that requires the SeBackupPrivilege match what is in Windows. So match > + those that we implement and start Samba privileges at 0x1001 */ > + > ................ > + SEC_PRIV_DISK_OPERATOR = 0x1003, > > 2010 was before Samba 4 was released, so was this only really required for > NT4-style domains ? > Was having the 'SeDiskOperatorPrivilege' privilege meant to make you 'root' > when working from Windows ? > Who knows, all I can say is tha...

On Mon, 10 Jun 2024 08:33:13 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Sun, 9 Jun 2024 18:52:39 +0100 > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > Update: > > > > I have revoked the privilege to BUILIN\Administratos. As before, no > > root mapping. > > > > root at member:/# net rpc rights