Ok, look... Your problem 1: all windows files are executable because the windows model for executable or not is proprietary and not supportable. It's also not clear why you should care about this in a shared directory.
Your problem 2: if we assume that a shared directory (rather than user specific directories) is the right approach, and if we also assume that each user's claim to a file name should deny write access to other users with that file name, we need to look at the permissions on the containing directory. In your case, you have drwxrwxr-x -- this means that everyone who is a member of the staff directory has the right to remove directory entries. If you do not want that, you need to change the permissions on the directory: http://man.openbsd.org/sticky.8 But, note that if you are changing the owner on the files to not match that of the user who created the files, you should expect that people will not be able to delete files that they themselves created. Your problem 3: this is a consequence of your having changed the owner of the file. Your file permissions say that only the owner can change the file. With this in mind, I think I can see how I would change things to match what you seem to be claiming that you want: (1) remove the user id mapping (2) set the sticky bit on the Shared directory. If you do not want this, I think you need to spend a little time thinking about what it is that you actually want, and whether or not that should even be possible. (So far, you have only mentioned an example uid value for a user as perhaps being an issue. This, combined with the subject line in this thread are the only clues I have as to why you might not have removed the user id mapping. But why this should even be an issue for you is unclear to me.) Thanks, -- Raul On Mon, Jun 12, 2017 at 12:58 PM, Rupert Gallagher <r...@protonmail.com> wrote: > On problem 2, > > if a user has group write permission on a folder, it has permission to write > its own files and those of same group membership in that folder, provided the > group permission is set on the file by its owner. If a file belongs to me and > I deny write permission to group and other, then nobody can write my file. > File creation and destruction are forms of writing. This is what I am used to > see. The ability of a windows nfs user to delete a file for which it has no > write permission is a security