We have a FAS3240 that is using LDAP (OpenLDAP) for authentication to the network shares. One item we've noticed that we can rename a mounted directory. We would like to prevent this from being a possibility.
If we remove the group ownership, the directory isn't visible when attempting to mount.
drwxrwx--- 16 root
4096 Nov 21 2012 pws-de
The pws-de mount is owned by root:bt. bt is an LDAP group.
My user is a member of bt so that when I go to Finder > Go > Connect to Server and do: smb://share/PHRG/ and authenticate, I see a list of available Qtrees that I have access to in Finder.
The problem is, if I single click on the pws-de directory, I have the ability to rename. I need to allow the ability for write access to directories & files within pws-de, but prevent the pws-de directory from being renamed.
Any suggestions on how to lock this down is greatly appreciated?