The Samba-Bugzilla – Bug 7711
ACL module: support the tree delete right
Last modified: 2012-12-04 10:53:01 UTC
At the moment we handle tree deletes as if they would be normal deletes regarding the ACLs.
But this is not the Windows behaviour. If you've got there the TREE_DELETE right on the base object and send then the TREE_DELETE control you are able to delete all subobjects fully independently of their security descriptors (beside other checks as system flags and similar which remain).
Source: MS-ADTS 126.96.36.199.5.7
Yeah, that's true. At the time the acl module was created we did not support the delete tree operation. I'll fix it when I have the time.
I'll upload patches for 4.0
Metze says this one is fixed in 4.0.0rc6 (with the patches for bug #8621).
Closing out bug report.