The Samba-Bugzilla – Bug 3348
File in sticky dir can be opened with DELETE_ACCESS by user without write permission
Last modified: 2006-01-01 09:01:22 UTC
In smbd/posix_acls.c, can_delete_file_in_directory() returns
"True" without checking whether a user has write permission, if
a directory has the sticky bit set and is owned by the user.
If the directory has the sticky bit set, any user can open
all files in the directory with the DELETE_ACCESS access mask.
This problem is NOT a security violation because the actual
delete operation fails with a permission denied error,
but it confuses users in some cases.
Created attachment 1630
Good catch! Applied, thanks - will be in 3.0.22.
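A simplified model of the logic error described in this report, added here as an illustration; it is not the Samba source or the attached patch. The struct, both function names and the sample uids are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#ifndef S_ISVTX
#define S_ISVTX 01000   /* sticky bit, in case strict ISO C mode hides it */
#endif
/* Constructed model of the inputs to the decision; not a Samba structure. */
struct delete_check {
    mode_t dir_mode;       /* mode bits of the parent directory */
    uid_t dir_uid;         /* owner of the parent directory */
    uid_t file_uid;        /* owner of the file being opened */
    uid_t user_uid;        /* user requesting DELETE_ACCESS */
    bool can_write_dir;    /* outcome of the directory write-permission check */
};

/* The extra ownership rule a sticky directory imposes. */
static bool sticky_owner_ok(const struct delete_check *c)
{
    return c->user_uid == c->file_uid || c->user_uid == c->dir_uid;
}

/* Reported behaviour: the sticky branch answers on ownership alone. */
bool can_delete_flawed(const struct delete_check *c)
{
    if (c->user_uid == 0)
        return true;
    if (c->dir_mode & S_ISVTX)
        return sticky_owner_ok(c);   /* write permission never consulted */
    return c->can_write_dir;
}

/* The sticky bit only restricts; write permission is still required. */
bool can_delete_checked(const struct delete_check *c)
{
    if (c->user_uid == 0)
        return true;
    if ((c->dir_mode & S_ISVTX) && !sticky_owner_ok(c))
        return false;
    return c->can_write_dir;
}

int main(void)
{
    /* Constructed case: uid 1000 owns a file in a root-owned sticky 0755 dir. */
    struct delete_check c = { S_ISVTX | 0755, 0, 1000, 1000, false };
    printf("flawed=%d checked=%d\n", can_delete_flawed(&c), can_delete_checked(&c));
    return 0;
}
```

The flawed variant grants the open and the later unlink then fails with a permission error, which is the mismatch the report describes.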