Sticky bit directory not behaving as expected when accessed by Active Directory accounts via Samba

slightly_toasted

1/17/23, 5:01 PM

I have a CentOS Samba server that is domain joined to an Active Directory domain controller for authentication.

My understanding is setting the sticky bit on a directory will prevent any children from being moved or deleted by anyone except root and the owner.

This configuration behaves as expected when accessed by local users. E.g. A non-root, non-owner attempting to delete or move a file inside the sticky bit directory will receive a Permission denied error.

However, when doing the same via the Samba share while logged in as an AD account, I am able to delete and move the children of the sticky bit directory.

How come AD users aren't subject to the same restrictions as local users?

And how can I prevent AD users from moving/deleting children of a sticky bit directory?

0 + 0

permissions

active-directory

centos

samba

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Sticky bit directory not behaving as expected when accessed by Active Directory accounts via Samba

TH: ไดเร็กทอรี Sticky bit ไม่ทำงานตามที่คาดไว้เมื่อเข้าถึงโดยบัญชี Active Directory ผ่าน Samba

RO: Directorul Sticky Bit nu se comportă așa cum era de așteptat atunci când este accesat de conturile Active Directory prin Samba

RU: Каталог Sticky Bit ведет себя не так, как ожидалось, при доступе к учетным записям Active Directory через Samba

VI: Thư mục bit dính không hoạt động như mong đợi khi được truy cập bởi các tài khoản Active Directory qua Samba

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.