On Tue, Mar 3, 2015 at 11:52 AM, pisymbol . <pisymbol@xxxxxxxxx> wrote: > A colleague and I just witnessed that we could not write an access > time of a file on a CIFS mount using CentOS 6.5 despite the fact we > mounted it with "Backup Intent." > > My current theory is that via CIFS, the DACL checks still apply > because Window backup clients use a different API to access files. > However, I'm not 100% sure. BackupIntent is only useful if you also have SeBackupPrivilege or SeRestorePrivilege or both. That is why it worked when you added BackupOperators, because privileges are associated with groups. > Notes: > > - The machine was joined to AD > - The account we used to mount was in the domain's Backup Operators group. > - We used backupuid=0 (root) when we mounted the share. > > After adding the the Backup Operators group to the share, we were able > to successfully restore access times and everything just worked. > > Is it true that via purely SMB/CIFS, you don't entirely get around > normal DACLs checks via mount.cifs? How does this work within CIFS? > > Thanks! > > -aps (Alex) > -- > To unsubscribe from this list: send the line "unsubscribe linux-cifs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
