I know a little about ACLs from long ago experience, but have never checked them out in OSX (currently I have 10.6.7 -standard, non-server on a stand-alone iMac). I just noticed that some non-admin user accounts I created a while ago (changer and Test) have an ACE of everyone:deny delete.
My own admin account doesn't have an ACL nor does a non-admin account that I created today.
I'm confused.
A) Doesn't that mean that no files can be deleted by anyone from those directories (changer & Test)?
B) Any idea about how they got there?
This is my /Users directory
mimac:~ frank$ ls -le /Users
total 0
drwxrwxrwt 4 root wheel 374 Sep 25 2010 Shared
drwxr-xr-x+ 15 Test staff 612 Dec 2 13:11 Test
0: group:everyone deny delete
drwxr-xr-x+ 11 changer staff 510 Apr 1 00:07 changer
0: group:everyone deny delete
drwxr-xr-x@ 67 frank admin 3536 Apr 4 16:06 frank
drwxr-xr-x 11 newone staff 408 Apr 6 02:07 newone
Best Answer
As churnd notes, it's a default entity, though it's not on /Users, but on the home directories themselves, populated under /Users, intended to prevent accidental deletion.
It's there by default during creation of home dirs, because new home directories are created based on a template found in /System/Library/User Template. It's these files that have their ACLs specified in a property list.
On 10.6, in /var/db/receipts directory, the default ACLs are specified in property lists. Below is an example, where I'm using the defaults command to read the PathACLs key in one of the primary .plist files created when the OS was initially installed.
This example snippit shows group:deny everyone delete for things like /Applications directory, but also folders in /System/Library/User Template/English — it's that folder that is the source for how new home directories appear when created using the PrefPane or createhomedir command.