Can anybody provide the expected response to an SMB2 CREATE request that includes ACCESS_SYSTEM_SECURITY in the DesiredAccess mask? I’m particularly interested in cases where the SMB client is connected as an authenticated user with administrative (superuser) privileges on the share, and has made the request on a directory. Should such a client expect full (read/change) access to the SACL (under any conditions)?
The question above is theoretical in nature. Practically speaking, does any version of the Samba server respond correctly to the request described above? I have a Windows application that makes such a request, and have tested it against Samba server versions 3.5.10-125.el6 and 3.6.7. I keep seeing a response of NT_STATUS_PRIVILEGE_NOT_HELD, and think that's not the correct response when the client has superuser privileges - but perhaps my expectation is wrong. If I make the same request while connected to a share on a Windows server, the response is NT_STATUS_OK. Is there a Samba server configuration change I could make that would affect the behavior? Is there any setup work to do prior to sending the SMB2 CREATE request (for example, adding a privilege)? Thanks, Steve Tice stic6...@gmail.com <stic6...@yahoo.com> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba