I am looking for information one way or the other. Should users have Full Control over their Home folder in terms of permissions? Our environment is Samba AD-based, with Samba file servers. The user home folders are in \\example\Users\%USERNAME%, and currently allow the CREATOR OWNER to have Full Control.
The belief among some of the technical staff is that this is too much - it would enable a user to give control of their folder to another user. I see no issue with this, as it's their files, and they're responsible.
The current proposition is to change the ownership to the Domain Administrator, and add each user to their own folder with Read and Write permissions (obviously, done with scripts).
Which way is better? Is there any canonical advice one way or the other from Samba, Microsoft or any other authority on the matter?
What is their specific concern about a user doing that with their own files?
If you're comfortable with giving the users Full Control of their own files and folders then I don't personally see a problem with it.
This may be as canonical as you can get. See the Home Folder entry in the article.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754178(v=ws.11)?redirectedfrom=MSDN
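Added example, not part of the original thread or the linked article: the disagreement above comes down to which NT access-mask bits each permission level carries. This Python sketch decodes the standard Windows file access masks (winnt.h values) for Full Control, Modify and Read+Write and reports which of them let the holder change permissions or ownership; the function names are hypothetical, and it assumes no OWNER RIGHTS ACE is present on the folder.

```python
# Added illustration: standard NT file/directory access-right bits (winnt.h).
RIGHTS = {
    "FILE_READ_DATA": 0x000001,
    "FILE_WRITE_DATA": 0x000002,
    "FILE_APPEND_DATA": 0x000004,
    "FILE_READ_EA": 0x000008,
    "FILE_WRITE_EA": 0x000010,
    "FILE_EXECUTE": 0x000020,
    "FILE_DELETE_CHILD": 0x000040,
    "FILE_READ_ATTRIBUTES": 0x000080,
    "FILE_WRITE_ATTRIBUTES": 0x000100,
    "DELETE": 0x010000,
    "READ_CONTROL": 0x020000,
    "WRITE_DAC": 0x040000,    # may edit the ACL (grant access to others)
    "WRITE_OWNER": 0x080000,  # may take or reassign ownership
    "SYNCHRONIZE": 0x100000,
}

FULL_CONTROL = 0x1F01FF            # current setting in the thread
READ_WRITE = 0x120089 | 0x120116   # proposed: generic Read plus generic Write
MODIFY = 0x1301BF                  # not proposed in the thread; for comparison


def decode(mask):
    """Return the set of right names present in an access mask."""
    return {name for name, bit in RIGHTS.items() if mask & bit}


def can_regrant(mask, is_owner):
    """True if the holder can hand the folder to someone else.

    Assumption: no OWNER RIGHTS ACE, so the owner implicitly holds
    WRITE_DAC regardless of what the DACL grants.
    """
    return is_owner or bool(decode(mask) & {"WRITE_DAC", "WRITE_OWNER"})


def lost_rights(current, proposed):
    """Rights the user holds now but would lose under the proposed mask."""
    return decode(current) - decode(proposed)


if __name__ == "__main__":
    for label, mask in [("Read+Write", READ_WRITE), ("Modify", MODIFY)]:
        print(label, "drops:", sorted(lost_rights(FULL_CONTROL, mask)))
        print("  non-owner can regrant:", can_regrant(mask, is_owner=False))
        print("  owner can regrant:    ", can_regrant(mask, is_owner=True))
```

Read+Write also drops DELETE, so users could no longer delete or rename their own files, while Modify removes only WRITE_DAC, WRITE_OWNER and FILE_DELETE_CHILD. The owner result shows why the proposal pairs the narrower ACE with a change of ownership.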