Displaying 20 results from an estimated 20 matches for "sediskoperatorprivilege_privilege".
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
On Tue, 11 Jun 2024 19:06:25 +0100
Luis Peromarta via samba <samba at lists.samba.org> wrote:
> This is correct.
>
> Without the SeDiskOperatorPrivilege you can not change ?permission?
> tab.
>
> I had to grant the permission (I had I deleted before, its granted by
> default to BUILTIN\Administrators?)
>
> So:
>
> a) The privilege is needed to
2024 Jun 09
1
SeDiskOperatorPrivilege_Privilege
Hi there,
I wonder if this is relevant on Active Directory or maybe is a thing of older NT4 style domains.
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Granting_the_SeDiskOperatorPrivilege_Privilege
I have tried setting up a member server with ad-idmap, and used a user ?luis? (with uidNumber) from the Unix Admins group (that has gidNumber).
Unix Admins group is a member of the Domain Admins group, that has no gidNumber.
The share looks like this:
8.0K drwxrwx---? ?2 luis unix admins 4.0K J...
2024 Jun 09
1
SeDiskOperatorPrivilege_Privilege
Update:
I have revoked the privilege to BUILIN\Administratos. As before, no root mapping.
root at member:/# net rpc rights revoke "BUILTIN\Administrators" SeDiskOperatorPrivilege -U "MAD\luis"
Password for [MAD\luis]:
Successfully revoked rights.
root at member:/# net rpc rights list privileges SeDiskOperatorPrivilege -Uluis
Password for [MAD\luis]:
SeDiskOperatorPrivilege:
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
Again, my exact same experience.
LP
On Jun 11, 2024 at 14:58 +0100, Bailey Allison via samba <samba at lists.samba.org>, wrote:
> Hey Rowland,
>
> Just wanted to say you are 100% correct, and it does (seemingly) nothing, at least within the context of setting Windows ACLs. I believe I have made a post on here a while ago with the same observation, I will see if I can find it.
>
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
On Tue, Jun 11, 2024 at 05:20:53PM +0100, Rowland Penny wrote:
>>
>> So it looks like it's still checked if you're trying to modify
>> share definitions via RPC (at least in the old S3 rpc server).
>>
>> Jeremy.
>>
>
>I am not saying it isn't there, I am saying (and others have found the
>same) that if you are setting share permissions from
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
On Tue, 11 Jun 2024 09:26:29 -0700
Jeremy Allison via samba <samba at lists.samba.org> wrote:
> On Tue, Jun 11, 2024 at 05:20:53PM +0100, Rowland Penny wrote:
> >>
> >> So it looks like it's still checked if you're trying to modify
> >> share definitions via RPC (at least in the old S3 rpc server).
> >>
> >> Jeremy.
> >>
>
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
On 6/11/24 6:34 PM, Rowland Penny via samba wrote:
> Oh Hum, we have only been saying for over 10 years, that you must set
> the 'SeDiskOperatorPrivilege' if setting share permissions from Windows.
>
> I will re-write the wikipage.
iirc, as pointed out by Jeremy, we only need if for managing open files,
connected users asf in the MMC plugin.
-slow
-------------- next part
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
On Tue, 11 Jun 2024 18:41:52 +0200
Ralph Boehme <slow at samba.org> wrote:
> On 6/11/24 6:34 PM, Rowland Penny via samba wrote:
> > Oh Hum, we have only been saying for over 10 years, that you must
> > set the 'SeDiskOperatorPrivilege' if setting share permissions from
> > Windows.
> >
> > I will re-write the wikipage.
>
> iirc, as pointed
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
On 11.06.24 18:52, Rowland Penny via samba wrote:
> Can you please expand on that. From my testing (and others) the
> wikipage:
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
> Says: Only users and groups having the SeDiskOperatorPrivilege
> privilege granted can configure share permissions.
>
> The only problem is, that statement doesn't
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
This is correct.
Without the SeDiskOperatorPrivilege you can not change ?permission? tab.
I had to grant the permission (I had I deleted before, its granted by default to BUILTIN\Administrators?)
So:
a) The privilege is needed to change??the Permission Tab
b) The privilege is granted to BUILTIN\Administrators by default.
Can someone confirm ?
LP
On Jun 11, 2024 at 18:58 +0100, Christian
2024 Jun 09
1
SeDiskOperatorPrivilege_Privilege
On Sun, 9 Jun 2024 16:53:30 +0100
Luis Peromarta via samba <samba at lists.samba.org> wrote:
> Mmm? strange ? Or is this what you were expecting ?
No
>
> root at member:/# net rpc rights list privileges SeDiskOperatorPrivilege
> -Uadministrator Password for [MAD\administrator]:
> Could not connect to server 127.0.0.1
> The username or password was not correct.
>
2024 Jun 10
1
SeDiskOperatorPrivilege_Privilege
On Sun, 9 Jun 2024 18:52:39 +0100
Luis Peromarta via samba <samba at lists.samba.org> wrote:
> Update:
>
> I have revoked the privilege to BUILIN\Administratos. As before, no
> root mapping.
>
> root at member:/# net rpc rights revoke "BUILTIN\Administrators"
> SeDiskOperatorPrivilege -U "MAD\luis" Password for [MAD\luis]:
> Successfully revoked
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
On Tue, 11 Jun 2024 15:52:45 +0100
Luis Peromarta via samba <samba at lists.samba.org> wrote:
> Again, my exact same experience.
>
> LP
> On Jun 11, 2024 at 14:58 +0100, Bailey Allison via samba
> <samba at lists.samba.org>, wrote:
> > Hey Rowland,
> >
> > Just wanted to say you are 100% correct, and it does (seemingly)
> > nothing, at least
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
...Ls.
Regards,
Bailey
> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland
> Penny via samba
> Sent: June 11, 2024 6:21 AM
> To: samba at lists.samba.org
> Cc: Rowland Penny <rpenny at samba.org>
> Subject: Re: [Samba] SeDiskOperatorPrivilege_Privilege
>
> On Mon, 10 Jun 2024 13:38:21 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> > On Mon, 10 Jun 2024 08:33:13 +0100
> > Rowland Penny via samba <samba at lists.samba.org> wrote:
> >
> > > On Sun, 9 Jun 2024 18:52:39 +0100...
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
On Tue, 11 Jun 2024 09:08:54 -0700
Jeremy Allison via samba <samba at lists.samba.org> wrote:
> On Tue, Jun 11, 2024 at 05:04:11PM +0100, Rowland Penny wrote:
> >On Tue, 11 Jun 2024 15:52:45 +0100
> >Luis Peromarta via samba <samba at lists.samba.org> wrote:
> >
> >> Again, my exact same experience.
> >>
> >> LP
> >> On Jun 11,
2024 Jun 09
1
SeDiskOperatorPrivilege_Privilege
...9:15 +0100
Luis Peromarta via samba <samba at lists.samba.org> wrote:
> Hi there,
>
> I wonder if this is relevant on Active Directory or maybe is a thing
> of older NT4 style domains.
>
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Granting_the_SeDiskOperatorPrivilege_Privilege
>
> I have tried setting up a member server with ad-idmap, and used a
> user ?luis? (with uidNumber) from the Unix Admins group (that has
> gidNumber).
>
> Unix Admins group is a member of the Domain Admins group, that has no
> gidNumber.
>
> The share looks like this:...
2024 Jun 10
1
SeDiskOperatorPrivilege_Privilege
On Mon, 10 Jun 2024 08:33:13 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Sun, 9 Jun 2024 18:52:39 +0100
> Luis Peromarta via samba <samba at lists.samba.org> wrote:
>
> > Update:
> >
> > I have revoked the privilege to BUILIN\Administratos. As before, no
> > root mapping.
> >
> > root at member:/# net rpc rights
2024 Jun 11
1
SeDiskOperatorPrivilege_Privilege
On Tue, Jun 11, 2024 at 05:04:11PM +0100, Rowland Penny wrote:
>On Tue, 11 Jun 2024 15:52:45 +0100
>Luis Peromarta via samba <samba at lists.samba.org> wrote:
>
>> Again, my exact same experience.
>>
>> LP
>> On Jun 11, 2024 at 14:58 +0100, Bailey Allison via samba
>> <samba at lists.samba.org>, wrote:
>> > Hey Rowland,
>> >
2024 Jun 11
2
SeDiskOperatorPrivilege_Privilege
On Mon, 10 Jun 2024 13:38:21 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Mon, 10 Jun 2024 08:33:13 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> > On Sun, 9 Jun 2024 18:52:39 +0100
> > Luis Peromarta via samba <samba at lists.samba.org> wrote:
> >
> > > Update:
> > >
> > > I
2024 Jun 09
2
SeDiskOperatorPrivilege_Privilege
...mba <samba at lists.samba.org> wrote:
>
> > Hi there,
> >
> > I wonder if this is relevant on Active Directory or maybe is a thing
> > of older NT4 style domains.
> >
> > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Granting_the_SeDiskOperatorPrivilege_Privilege
> >
> > I have tried setting up a member server with ad-idmap, and used a
> > user ?luis? (with uidNumber) from the Unix Admins group (that has
> > gidNumber).
> >
> > Unix Admins group is a member of the Domain Admins group, that has no
> > gidNumber.
>...