Skip to main content
NetApp Knowledge Base

Unable to reassign ownership of files in CIFS share due to SeRestorePrivilege missing

  1. Last updated
  2. Save as PDF
Views:
4,496
Visibility:
Public
Votes:
3
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9 
  • Microsoft Windows
  • RoboCopy
  • Windows PowerShell

Issue

  • Unable to reassign ownership or change ownership of files within a CIFS share.
  • The client may report one of these errors:
    • An error occurred while applying security information to: <path to share> The security ID may not be assigned as the owner of this object.
    • Unable to set new owner on <folder name>. You do not have the Restore privilege required to set this user/group as owner.
    • ERROR 1307 (0x0000051B) Copying NTFS Security to Destination Directory. This security ID may not be assigned as the owner of this object.
  • User has no SeRestorePrivilege assigned

::*> vserver services access-check authentication show-creds -node cluster1-01 -vserver svm1 -win-name DOMAIN\Administrator
 
 UNIX UID: root <> Windows User: DOMAIN\Administrator (Windows Domain User)

 GID: daemon
 Supplementary GIDs:
  daemon  
 
 Primary Group SID: DOMAIN\Domain Users (Windows Domain group)

 Windows Membership:
  DOMAIN\Group Policy Creator Owners (Windows Domain group)
  DOMAIN\Domain Admins (Windows Domain group)
  DOMAIN\Domain Users (Windows Domain group)
  DOMAIN\Schema Admins (Windows Domain group)
  DOMAIN\Enterprise Admins (Windows Domain group)
  DOMAIN\Denied RODC Password Replication Group (Windows Alias)
  Service asserted identity (Windows Well known group)
  BUILTIN\Administrators (Windows Alias)
  BUILTIN\Users (Windows Alias)
 User is also a member of Everyone, Authenticated Users, and Network Users  

 Privileges (0x22b7):
  SeBackupPrivilege
  SeTakeOwnershipPrivilege
  SeSecurityPrivilege
  SeChangeNotifyPrivilege

Note: The vserver services access-check authentication show-creds command is available in the advanced privilege level starting in ONTAP 9.4.  On prior releases, use the diag secd authentication show-creds command at the diagnostics privilege level.

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.