Web lists-archives.com

Re: [Samba] administrator does not have permission

On Mon, 20 Nov 2017 15:38:28 -0600
Robert Wooden <bob@xxxxxxxxxxxxxxxxxx> wrote:

> I have been reading and rereading the wiki and I did "your
> suggestions" yesterday when I discovered the missing krb5.conf.
> Have begun looking into acl permissions.
> But, for the life of me, I cannot figure out why the administrator
> would not have "builtin" permissions to always be able to look at,
> change, or adjust file permissions. How can the administrator
> permissions ability just disappear . . . well, I had an issue with
> krb5 not working correctly before I made these adjustments and now
> kerberos IS working correctly.

Administrator does have these 'builtin' permissions, but only on
Windows ;-)
On Unix the 'root' user has the same sort of authority, this is why you
map 'Administrator' to 'root' in the user.map. This means when you set
ACLs from windows to a Unix share as Administrator, it is actually root
that sets them.

Try running 'getent passwd Administrator' on the Unix domain member, if
you get an output, then you need to find out why, because you shouldn't.

You can check Administrators privileges with:

net rpc rights list -UAdministrator

If you run the above on the Unix domain member, you should get
something like this:

     SeMachineAccountPrivilege  Add machines to domain
      SeTakeOwnershipPrivilege  Take ownership of files or other objects
             SeBackupPrivilege  Back up files and directories
            SeRestorePrivilege  Restore files and directories
     SeRemoteShutdownPrivilege  Force shutdown from a remote system
      SePrintOperatorPrivilege  Manage printers
           SeAddUsersPrivilege  Add users and groups to the domain
       SeDiskOperatorPrivilege  Manage disk shares
           SeSecurityPrivilege  System security


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba