From 15032ec6df1abbb53f1b1d5377aab369f83ae707 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 26 Apr 2019 17:07:20 +0200 Subject: [PATCH] python/ntacls: we only need security.SEC_STD_READ_CONTROL in order to get the ACL We should avoid security.SEC_FLAG_MAXIMUM_ALLOWED otherwise we may get NT_STATUS_SHARING_VIOLATION when we run 'samba-tool domain backup online' against a Windows DC. Windows DCs have hidden folders for the NtFrs or Dfsr services, which are locked by the running service. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13917 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- python/samba/ntacls.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py index 5bf646caf9f..82d950fbbc9 100644 --- a/python/samba/ntacls.py +++ b/python/samba/ntacls.py @@ -49,7 +49,7 @@ SECURITY_SECINFO_FLAGS = security.SECINFO_OWNER | \ # SEC_FLAG_SYSTEM_SECURITY is required otherwise get Access Denied SECURITY_SEC_FLAGS = security.SEC_FLAG_SYSTEM_SECURITY | \ - security.SEC_FLAG_MAXIMUM_ALLOWED + security.SEC_STD_READ_CONTROL class XattrBackendError(Exception): -- 2.11.4.GIT