smbaudit log pointing that file deleted successfully
Mar 18 14:51:44 cswpp1 smbd_audit: CSW\abc|192.168.xx.xxx|SOFTWARE|unlink|ok|shiftinchargedownload/SplashScreen.dll
and below is ACL permission output of
shiftinchargedownload folder. where abc is member of
unvdfa group & he has read only rights.
# file:
shiftinchargedownload
# owner: CSW\134bis
# group: root
user::rwx
group::r-x
group:CSW\134software:r-x
group:CSW\134
unvdfa:r-x
group:BUILTIN\134users:r-x
group:CSW\134adeptsupt:r-x
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:CSW\134software:r-x
default:group:CSW\134unvdfa:r-x
default:group:BUILTIN\134users:r-x
default:group:CSW\134adeptsupt:r-x
default:mask::rwx
default
ther::---
After this event, user abc is unable to create/modify/delete files/folder under shiftinchargedownload.
Please reply in case any information needed to trace this event.