user can delete root files

[scienzia]

I have RedHat 7.3, and I notices something strange:
a user (alessandro) can delete a file owned by root, how can this be possible?!?

This is what I have done:

[alessandro@linux condivisa]$ ls -l /bin/rm
-rwxr-xr-x    1 root     root        26216 mar 25  2002 /bin/rm
[alessandro@linux condivisa]$ ls -l
totale 24
-rw-r--r--    1 root     root            0 ott 29 14:03 a
drwxrwxrwx    9 alessand alessand     4096 ott 28 12:30 Backup Alessandro
-rwxr--r--    1 alessand alessand    20480 ott 28 11:35 rete.doc
[alessandro@linux condivisa]$ rm a
rm: remove write-protected file `a'? y
[alessandro@linux condivisa]$
[\code]

If anyone could explain me this ....

Thanks in advance.

 

[MrTom]

Who *owns* the directory that contains "a"?

 

[scienzia]

[root@linux home]# ls -ld condivisa
drwxrwxrwx    3 nobody   nobody       4096 ott 29 17:53 condivisa
[\code]

I found out that if I take off the w permission I can't delete it any more.

How can I make users be able to add files but not deleting others?

Sounds strange that file permissions are useless in front of directory permissions, how does this thing work?