Joseph L. Casale wrote:
> I haven't really done a lot with file sharing in Samba and seem
> to be missing something here. I have a folder, /Share that has
>
> [root@host ~]# getfacl /Share /
> getfacl: Removing leading '/' from absolute path names
> # file: Share
> # owner: root
> # group: ad\040sec\040group
> user::rwx
> group::rwx
> other::---
>
> It is also a mount point for a partition, so it has a lost+found that
> is set 700 root:root. The share perms are:
>
> [Share]
> comment = ...
> path = /Share
> browseable = no
> writable = no
> guest ok = no
> printable = no
> write list = @"DOMAIN+Domain Admins",@"DOMAIN+ad sec
group"
>
> Why can users other than root manipulate the name of lost+found but
> obviously not execute it, and enter it? Same if root makes a test
> directory under /Share and sets it 700, users connected to the share
> cannot access it, but can modify its name and/or delete it?
>
> Thanks!
> jlc
Because on Unix (unlike Windows) these operations are controlled by the
permissions of the *parent* directory.
Since users in the "ad sec group" have rwx permissions on /Share, they
are
able to create / delete / rename files and directories inside /Share.