apfstests/nfs4acl/delete.test

$ mkdir d
$ cd d

$ whoami
> root

$ id -Gn daemon
> daemon bin

$ mkdir n1
$ touch n1/f

$ mkdir d2 d3 d4 d5 d6 d7
$ touch d2/f d3/f d4/f d5/f d6/f d7/f d7/g
$ chown daemon d2
$ chgrp bin d3
$ chmod g+w d3
$ nfs4acl --set 'daemon:wx::allow' d4
$ nfs4acl --set 'daemon:d::allow' d5
$ nfs4acl --set 'daemon:xd::allow' d6
$ nfs4acl --set 'daemon:D::allow' d7/f d7/g
$ chmod 664 d7/g

$ mkdir s2 s3 s4 s5 s6 s7
$ chmod +t s2 s3 s4 s5 s6 s7
$ touch s2/f s3/f s4/f s5/f s6/f s7/f s7/g
$ chown daemon s2
$ chgrp bin s3
$ chmod g+w s3
$ nfs4acl --set 'daemon:wx::allow' s4
$ nfs4acl --set 'daemon:d::allow' s5
$ nfs4acl --set 'daemon:xd::allow' s6
$ nfs4acl --set 'daemon:D::allow' s7/f
$ nfs4acl --set 'daemon:D::allow' s7/g s7/g
$ chmod 664 s7/g

$ su daemon

Cannot delete files without permissions:
	$ rm n1/f
	> rm: cannot remove `n1/f': Permission denied

Can delete files we own:
	$ rm d2/f s2/f

Cannot delete files where we are in the owning group in a non-sticky directory,
but not in a sticky one:
	$ rm d3/f s3/f
	> rm: cannot remove `s3/f': Operation not permitted

"Write_data/execute" access does not include delete_child access, and so this
is not enough for deleting:
	$ rm d4/f s4/f
	> rm: cannot remove `d4/f': Permission denied
	> rm: cannot remove `s4/f': Permission denied

"Delete_child" access alone also is not sufficient:
	$ rm d5/f s5/f
	> rm: cannot remove `d5/f': Permission denied
	> rm: cannot remove `s5/f': Permission denied

"Execute/delete_child" on the directory does allow that, though, but only in
a non-sticky directory:
	$ rm d6/f s6/f
	> rm: cannot remove `s6/f': Operation not permitted

"Delete" on the child itself overrides the sticky check as well:
	$ rm d7/f s7/f

But Delete is not a subset of POSIX read/write, so chmod turns it off:
	$ rm d7/g s7/g
	> rm: cannot remove `d7/g': Permission denied
	> rm: cannot remove `s7/g': Permission denied

$ su
$ cd ..
$ rm -rf d