diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index be9e601bb15..baf6619afdf 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3269,6 +3269,21 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
+	/*
+	 * Ensure we can't create a file with delete on close
+	 * if we don't have delete access.
+	 */
+	if (create_options & FILE_DELETE_ON_CLOSE) {
+		if ((access_mask & DELETE_ACCESS) == 0) {
+			DBG_INFO("DELETE_ON_CLOSE reqested for "
+				 "file %s but no DELETE access\n",
+				 smb_fname_str_dbg(smb_fname));
+			errno = EACCES;
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
+
+
 	fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
 	fsp->share_access = share_access;
 	fsp->fh->private_options = private_flags;