Thursday, August 2, 2018

Stopping a user from deleting a file they own

One person wanted to stop a specific user from deleting their own files from a specific directory while still allowing them to create and edit files. Permissions to delete files are interesting in that either one of these will be sufficient:

  • Delete permissions on the file to be deleted
  • Delete-child permissions on the folder that contains the file to be deleted

Therefore, a delete right must be denied to the restricted user in both places: delete-child on the containing folder and delete on the file itself. Since the user owns any files they create and could just change the ACL, an OWNER RIGHTS rule is also needed to suppress the default grants an owner receives.
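
One way to apply the three rules described above with PowerShell. This is an added example, not code from the original post. The folder path and account name are placeholders, and it assumes the existing ACL already lets the user create and edit files in the folder.

```powershell
# Added example. $Folder and $User are placeholder values, not from the post.
# Run from an elevated session by an account allowed to change the folder's ACL.
$Folder = 'D:\Shared\Incoming'
$User   = 'CONTOSO\restricted.user'

$account     = New-Object System.Security.Principal.NTAccount($User)
# S-1-3-4 is the well-known SID for OWNER RIGHTS.
$ownerRights = New-Object System.Security.Principal.SecurityIdentifier('S-1-3-4')

$acl = Get-Acl -LiteralPath $Folder

# 1. Deny delete-child on this folder and its subfolders, so the user cannot
#    remove entries through the container.
$denyDeleteChild = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, 'DeleteSubdirectoriesAndFiles', 'ContainerInherit', 'None', 'Deny')

# 2. Deny delete on the files themselves. ObjectInherit + InheritOnly means the
#    rule is inherited by files and does not apply to the folder object.
$denyDelete = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, 'Delete', 'ObjectInherit', 'InheritOnly', 'Deny')

# 3. OWNER RIGHTS rule inherited by children. Without it, the owner of a file
#    is implicitly allowed to read and rewrite its ACL and could drop rule 2.
#    With it, the owner gets only what is listed here: no ChangePermissions,
#    no Delete.
$ownerLimit = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $ownerRights, 'ReadAndExecute, Write',
    'ContainerInherit, ObjectInherit', 'InheritOnly', 'Allow')

$acl.AddAccessRule($denyDeleteChild)
$acl.AddAccessRule($denyDelete)
$acl.AddAccessRule($ownerLimit)

Set-Acl -LiteralPath $Folder -AclObject $acl

# Review the resulting rules on the folder.
(Get-Acl -LiteralPath $Folder).Access |
    Format-Table IdentityReference, AccessControlType, FileSystemRights,
                 InheritanceFlags, PropagationFlags, IsInherited -AutoSize
```

Renaming or moving a file also requires the delete right, so those operations are blocked for the restricted user as well.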
