
Sticky bit directory not behaving as expected when accessed by Active Directory accounts via Samba


I have a CentOS Samba server that is domain joined to an Active Directory domain controller for authentication.

My understanding is setting the sticky bit on a directory will prevent any children from being moved or deleted by anyone except root and the owner.

This configuration behaves as expected when accessed by local users. E.g., a non-root, non-owner attempting to delete or move a file inside the sticky bit directory will receive a Permission denied error.

However, when doing the same via the Samba share while logged in as an AD account, I am able to delete and move the children of the sticky bit directory.

How come AD users aren't subject to the same restrictions as local users?

And how can I prevent AD users from moving/deleting children of a sticky bit directory?
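Added example, not part of the original post: the sticky-bit deletion rule as a Python check that can be run on the server against a specific numeric UID, for instance the UID an AD account maps to as reported by `id`. The function names, the `report.txt` file and the offset UID are constructed for illustration, and only classic mode bits are evaluated (POSIX ACLs and Samba-level settings are outside its scope).

```python
import os
import stat
import tempfile

def has_dir_write_search(st, uid, gids):
    """Mode-bit check only (ACLs ignored): does uid have w+x on the directory?"""
    if uid == 0:
        return True
    if uid == st.st_uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & 3 == 3  # write (2) + search (1)

def may_delete(dir_path, name, uid, gids=()):
    """Return (allowed, reason) for uid removing or renaming dir_path/name."""
    d = os.stat(dir_path)
    f = os.lstat(os.path.join(dir_path, name))
    if not has_dir_write_search(d, uid, set(gids)):
        return False, "no write+search permission on directory"
    if not d.st_mode & stat.S_ISVTX:
        return True, "directory is not sticky"
    if uid == 0:
        return True, "privileged (root)"
    if uid == f.st_uid:
        return True, "uid owns the file"
    if uid == d.st_uid:
        return True, "uid owns the directory"
    return False, "sticky bit blocks non-owner"

def demo():
    """Build a constructed 1777 directory and evaluate two UIDs against it."""
    with tempfile.TemporaryDirectory() as top:
        share = os.path.join(top, "share")
        os.mkdir(share)
        os.chmod(share, 0o1777)           # world-writable + sticky
        open(os.path.join(share, "report.txt"), "w").close()
        me = os.getuid()
        other = me + 12345                # constructed UID, owns nothing here
        return {"owner": may_delete(share, "report.txt", me),
                "other": may_delete(share, "report.txt", other)}

if __name__ == "__main__":
    for who, result in demo().items():
        print(who, result)
```

Comparing the result for the UID that local access uses with the UID that the share access actually runs as shows whether the two cases are being evaluated as the same user.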
