You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@manifoldcf.apache.org by Aeham Abushwashi <ae...@exonar.com> on 2016/09/09 15:23:05 UTC
Crawling SMB shares with no permission
Hello,
I normally crawl Windows file shares with the (smb) shared drive connector
and jcifs and this works pretty well. I’m now in a situation where I need
to crawl a couple of file servers where different shares and subdirectories
are configured with different sets of permissions and I need to do this
without access to admin accounts!
In other words looking for a way to ‘legitimately’ bypass permission
checking (yes, I know how that sounds).
One option I’ve explored relies on the use of the Backup Operators group.
Membership of this group allows an account to read files without
file/directory level permissions. However, as far as I can tell there are
two restrictions 1) this only works if the software is reading local files
and 2) the client application needs to make an explicit Win32 API call with
a specific parameter in order for permission checking to be bypassed
(assuming of course the account is a member of Backup Operators).
Has anyone encountered this problem before?
Many thanks,
Aeham
Re: Crawling SMB shares with no permission
Posted by Karl Wright <da...@gmail.com>.
Hi Aeham,
I don't think I know of any case that this has been tried.
Karl
On Fri, Sep 9, 2016 at 11:23 AM, Aeham Abushwashi <
aeham.abushwashi@exonar.com> wrote:
> Hello,
>
> I normally crawl Windows file shares with the (smb) shared drive connector
> and jcifs and this works pretty well. I’m now in a situation where I need
> to crawl a couple of file servers where different shares and subdirectories
> are configured with different sets of permissions and I need to do this
> without access to admin accounts!
> In other words looking for a way to ‘legitimately’ bypass permission
> checking (yes, I know how that sounds).
>
> One option I’ve explored relies on the use of the Backup Operators group.
> Membership of this group allows an account to read files without
> file/directory level permissions. However, as far as I can tell there are
> two restrictions 1) this only works if the software is reading local files
> and 2) the client application needs to make an explicit Win32 API call with
> a specific parameter in order for permission checking to be bypassed
> (assuming of course the account is a member of Backup Operators).
>
> Has anyone encountered this problem before?
>
> Many thanks,
> Aeham
>