diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/share-modify smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/share-modify
--- smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/share-modify 2011-11-03 12:21:08.000000000 +0100
+++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/share-modify 2011-11-03 13:07:32.000000000 +0100
@@ -92,75 +92,68 @@
 my %properties = $share->props;
 my @write = split(/[;,]/,($properties {'WriteGroups'} || 'admin'));
 my @read = split(/[;,]/,($properties {'ReadGroups'} || 'admin'));
-$::group = 'admin';
-# Make sensible defaults
-$::owner = undef;
-$::fileperm = 0660;
-$::dirperm = 0750;
-
-sub process
-{
- my $acl = '';
- if (-l)
- {
- $File::Find::prune = 1;
+# Don't reset permissions if ManualPermissions is set to 'yes'
+
+unless ( $perm eq 'yes' || $perm eq 'enabled' ){
+ # Remove existing ACLs
+ system($setfacl,
+ '-R',
+ '--remove-all',
+ '--remove-default',
+ '.');
+
+ # Remove all execute permission
+ system('/bin/chmod',
+ '-R',
+ 'a-x',
+ '.');
+
+ # make admin the group owner of everything
+ system('/bin/chgrp',
+ '-R',
+ 'admin',
+ '.');
+
+ my $acl = 'u::rwX,g::rwX,o:---,';
+ foreach my $group (@write){
+ $acl .= 'g:'.$group.':rwX,';
 }
- else
- {
- esmith::util::chownFile($::owner, $::group, $_);
- if (-d)
- {
- chmod $::dirperm, $_;
- chmod $::dirperm, $_;
- my $perm = ($_ eq '.') ? 'rx':'rwx';
- foreach my $group (@write){
- $acl .= 'g:'.$group.':'.$perm.',';
- }
- foreach my $group (@read){
- $acl .= 'g:'.$group.':rx,';
- }
- # Set the effective ACLs
- system($setfacl,
- '-m',
- $acl,
- '--',
- $_);
- # Set the defaults ACLs
- system($setfacl,
- '-d',
- '-m',
- $acl,
- '--',
- $_);
- }
- elsif (-f)
- {
- chmod $::fileperm, $_;
- foreach my $group (@write){
- $acl .= 'g:'.$group.':rw,';
- }
- foreach my $group (@read){
- $acl .= 'g:'.$group.':r,';
- }
- system($setfacl,
- '-m',
- $acl,
- '--',
- $_);
- }
+ foreach my $group (@read){
+ $acl .= 'g:'.$group.':rX,';
 }
-}
-# Purge Old ACLs before defining new ones
-# Don't reset permissions if ManualPermissions is set to 'yes'
+ # Set the effective ACLs
+ system($setfacl,
+ '-R',
+ '-m',
+ $acl,
+ '--',
+ '.');
-unless ( $perm eq 'yes' || $perm eq 'enabled' ){
+ # Set the default ACL
 system($setfacl,
- '-R',
- '--remove-all',
- '.');
+ '-R',
+ '-d',
+ '--set',
+ $acl,
+ '--',
+ '.');
- find(\&process, glob("./"));
-}
+ # Now set the permission on the root of the share (no write access here)
+ $acl = '';
+ system($setfacl,
+ '--remove-all',
+ '--remove-default',
+ '.');
+ foreach my $group (@write,@read){
+ $acl .= 'g:'.$group.':rX,';
+ }
+
+ system($setfacl,
+ '-m',
+ $acl,
+ '--',
+ '.');
+}
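Review bot: None of the `system(...)` calls in the new `unless` block check their exit status, so if the recursive `setfacl -R -m $acl` fails (for instance on a WriteGroups/ReadGroups entry that setfacl rejects), the old ACLs have already been stripped and the action carries on as if the share were configured. Each call should be checked, e.g. `system($setfacl, '-R', '-m', $acl, '--', '.') == 0 or die "setfacl -R -m failed: $?\n";`. The removed `process` sub also pruned symlinks explicitly (`if (-l) { $File::Find::prune = 1 }`), whereas the new code relies on the default traversal behaviour of `chmod -R`, `chgrp -R` and `setfacl -R`. Since share members can create links inside the tree and this action presumably runs as root, passing `-P` to the recursive `setfacl` and `chgrp` calls would make the no-follow behaviour explicit instead of dependent on the installed tool versions. The script continues outside this hunk, so `$perm` and `$setfacl` are defined in lines not shown here.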