summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/utils/smbcacls.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index de68963750..714f47b6f9 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -868,12 +868,21 @@ static bool set_secdesc(struct cli_state *cli, const char *filename,
uint16_t fnum = (uint16_t)-1;
bool result=true;
NTSTATUS status;
+ uint32_t desired_access = 0;
- /* The desired access below is the only one I could find that works
- with NT4, W2KP and Samba */
+ /* Make the desired_access more specific. */
+ if (sd->dacl) {
+ desired_access |= WRITE_DAC_ACCESS;
+ }
+ if (sd->sacl) {
+ desired_access |= SEC_FLAG_SYSTEM_SECURITY;
+ }
+ if (sd->owner_sid || sd->group_sid) {
+ desired_access |= WRITE_OWNER_ACCESS;
+ }
status = cli_ntcreate(cli, filename, 0,
- WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS,
+ desired_access,
0, FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN, 0x0, 0x0, &fnum);
if (!NT_STATUS_IS_OK(status)) {