CIFS - How to assign ownership to another user?

[drash]

Hello,

I'm running FreeNAS 9.2.1.8 in a Windows environment.
I have some CIFS shares set with the adequate windows options.

Backup jobs are scheduled using Syncback, and options to preserve ACLs are activated.
However when a file is copied, he get owned by the user running the backup job. Syncback try to assign the ownership to the original file owner, but it fails with error: Access is denied.

I tried to make this assignment manually, through windows security GUI, but it fails exactly the same way.
When I log with the original file owner account, I'm able to take the ownership of the file created by Syncback.

I made several tests without Syncback, just trying to assign ownership to another user, and it also fails.

So the question is: How to assign ownership to another user from the current owner account?
Any specific option to set within FreeNAS??

Referring to this bulletin, it should be possible : http://technet.microsoft.com/en-us/magazine/ff404240.aspx

Here is a small scenario giving you the opportunity to test this on your system.

User A create file X.txt
User A and B have full control on file X.txt
User A assign ownership of file X.txt to user B -> Fails: Access denied
User B take over ownership on file X.txt -> Ok​

Thank you

 

[anodos]

You may need to assign SeDiskOperatorPrivilege to the group in question. Syntax is like this

Code:

net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege -Uadministrator 

The above command will grant "SeDiskOperatorPrivilege" to the 'Domain Admin' group in the domain SAMDOM.

For more information about this and similar "net rpc" commands see documentation here: https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html

This document states the following:

Clicking on the Ownership button brings up a dialog box telling you who owns the given file. The owner name will be displayed like this:

SERVER\user (Long name)

SERVER is the NetBIOS name of the Samba server, user is the username of the UNIX user who owns the file, and (Long name) is the descriptive string identifying the user (normally found in the GECOS field of the UNIX password database). Click on the Close button to remove this dialog.

If the parameter nt acl support is set to false, the file owner will be shown as the NT user Everyone.

The Take Ownership button will not allow you to change the ownership of this file to yourself (clicking it will display a dialog box complaining that the user as whom you are currently logged onto the NT client cannot be found). The reason for this is that changing the ownership of a file is a privileged operation in UNIX, available only to the root user. Because clicking on this button causes NT to attempt to change the ownership of a file to the current user logged into the NT client, this will not work with Samba at this time.

There is an NT chown command that will work with Samba and allow a user with administrator privilege connected to a Samba server as root to change the ownership of files on both a local NTFS file system or remote mounted NTFS or Samba drive. This is available as part of the Seclib NT security library written by Jeremy Allison of the Samba Team and is downloadable from the main Samba FTP site.

I can confirm that changing ownership works when FreeNAS is an AD member server.