I have a group of users, call it group. This group has a shared folder, call it shared.
What I want is users of the group to [create and read] [files AND directories] in this folder. And for the FILES I only want the owner of that file to be able to delete it. But for the FOLDERS I want only the owner to be able to delete it, once it's empty or only contains that user's files, but if it contains other users' files not be able to delete that folder. (Or even no ability to delete folders at all.)
The problem is now that when a user in this group creates a directory, let's call it subdir, that user needs read and write permission, otherwise that user can't create files in there (because user permissions take precedence over group permissions).
d---rwx--T 4 root group shared
drwxrwx--T 4 user group subdir
-rwx------ 1 otheruser group file
But when I do this, this user can delete the files of other users in this subdir. Even with a sticky bit set, because the user has write permission for subdir.
So a solution I thought of was: for all created folders in shared, set the default owner to root, but for files leave the default owner as the user that created it. But I can not find out how to do this.
I tried looking into setfacl, setuid and setgid, but none of these seem to be able to solve my problem.
This post says it's only possible by creating a "process that detects creation of the objects and changes the ACLs appropriately", but that post is outdated (8 years old).
I am sharing with the Samba protocol on Debian 10.