Re: [Samba] administrator does not have permission
- Date: Mon, 20 Nov 2017 22:01:52 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] administrator does not have permission
On Mon, 20 Nov 2017 15:38:28 -0600
Robert Wooden <bob@xxxxxxxxxxxxxxxxxx> wrote:
> I have been reading and rereading the wiki and I did "your
> suggestions" yesterday when I discovered the missing krb5.conf.
> Have begun looking into acl permissions.
> But, for the life of me, I cannot figure out why the administrator
> would not have "builtin" permissions to always be able to look at,
> change, or adjust file permissions. How can the administrator
> permissions ability just disappear . . . well, I had an issue with
> krb5 not working correctly before I made these adjustments and now
> kerberos IS working correctly.
Administrator does have these 'builtin' permissions, but only on
On Unix the 'root' user has the same sort of authority, this is why you
map 'Administrator' to 'root' in the user.map. This means when you set
ACLs from windows to a Unix share as Administrator, it is actually root
that sets them.
Try running 'getent passwd Administrator' on the Unix domain member, if
you get an output, then you need to find out why, because you shouldn't.
You can check Administrators privileges with:
net rpc rights list -UAdministrator
If you run the above on the Unix domain member, you should get
something like this:
SeMachineAccountPrivilege Add machines to domain
SeTakeOwnershipPrivilege Take ownership of files or other objects
SeBackupPrivilege Back up files and directories
SeRestorePrivilege Restore files and directories
SeRemoteShutdownPrivilege Force shutdown from a remote system
SePrintOperatorPrivilege Manage printers
SeAddUsersPrivilege Add users and groups to the domain
SeDiskOperatorPrivilege Manage disk shares
SeSecurityPrivilege System security
To unsubscribe from this list go to the following URL and read the