I created dir and denied removing an removing of subdirs and files for a user and allowed reading, writing, creating, ... On the local disk (and on a Windows XP share, too) I'm not allowed to remove and rename sub dirs and files, but I can create and write. Sambas acl_xattr allows removing files and dirs.
Created attachment 6001 [details] Wireshark tcp dump - WinXP I get access to (169.254.134.81) \\XPTEST2\b\neu\, create and try to remove "Neuer Ordner (3)" and get a STATUS_ACCESS_DENIED
Created attachment 6003 [details] Wireshark tcp dump - Samba 3.5 I get access to (169.254.134.76) \\BBTESTSRV\TESTSHARE\new\, create and try to remove "Neuer Ordner" and get a STATUS_SUCCESS
Additional test: If I additionally allow "write" I'm not allowed to remove the file, which is correct because "modify" is not enabled. The additional "modify" allows to remove the file again. The Windows XP share shows the same. So the additional "modify" is stronger than deny delete child objects in the extended attributes.
Jeremy, I think this is yours. Volker