> > On Tue, Dec 18, 2012 at 12:24:04PM -0600, Steve Tice wrote: > > > Can anybody provide the expected response to an SMB2 CREATE request that > > > includes ACCESS_SYSTEM_SECURITY in the DesiredAccess mask? I’m particularly > > > interested in cases where the SMB client is connected as an authenticated > > > user with administrative (superuser) privileges on the share, and has made > > > the request on a directory. Should such a client expect full (read/change) > > > access to the SACL (under any conditions)? > > > > > > The question above is theoretical in nature. Practically speaking, does any > > > version of the Samba server respond correctly to the request described > > > above? I have a Windows application that makes such a request, and have > > > tested it against Samba server versions 3.5.10-125.el6 and 3.6.7. I keep > > > seeing a response of NT_STATUS_PRIVILEGE_NOT_HELD, and think that's not the > > > correct response when the client has superuser privileges - but perhaps my > > > expectation is wrong. If I make the same request while connected to a share > > > on a Windows server, the response is NT_STATUS_OK. > > > > > > Is there a Samba server configuration change I could make that would affect > > > the behavior? Is there any setup work to do prior to sending the SMB2 > > > CREATE request (for example, adding a privilege)?
With all humility, please accept my apology for making a false claim on this topic. In my test bed, another factor (specifically a FUSE implementation) was found to be the root cause of the unexpected server behavior. With the root cause now corrected, my test bed with Samba 3.5.10-125.el6 is behaving as expected and is passing the previously posted test case. To summarize, there is no Samba bug associated with clients that want SYSTEM_SECURITY access to a share. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba