With a user of the group administrator but not the default administrator (ie. CN=Administrator,CN=Users,...) the SMB command fails with NT_ACCESS_DENIED.
My hypothesis is that the NT_SET_SECURITY_DESC tries to set a owner that is not the current user but domain admin groups and the command is most probably executing with the right of the user in Linux. As a simple user can not change ownership of a file it is reported as an error to samba which after report it to the caller.
Tridge can you have a look on this pb ?
Created attachment 5435 [details]
The function was trying to change owner/group but the user doing this might not have the root rights.
So I propose to become root during the time we change uid/gid.
I have to say, the use of become_root() spooks me. Please don't merge this until it has been carefully reviewed, and the change in our security architecture is approved.
I test it's ok no more access denied on this kind of request.